A vulnerability in Zope 2.12.x and Zope 2.13.x allows execution of arbitrary code by anonymous users. This is a severe vulnerability: an unauthenticated attacker can use a carefully crafted web request to execute arbitrary commands with the privileges of the Zope/Plone service.
Versions Affected: Plone 4.0 (through 4.0.9); Plone 4.1; Plone 4.2 (a1 and a2); Zope 2.12.x and Zope 2.13.x.
Versions Not Affected: Versions of Plone that use Zope other than Zope 2.12.x and Zope 2.13.x.
- Apply the Plone Hotfix 20110928 (Oct 04, 2011).