Description

python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.

Remediation

References

CVE-2012-5488

Related Vulnerabilities

Oracle JRE CVE-2014-0461 Vulnerability (CVE-2014-0461)

WordPress 4.5.x Same Origin Method Execution (SOME) Vulnerability (4.5 - 4.5.1)

Apache HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2011-3192)

WordPress Plugin AccessAlly Information Disclosure (3.5.6)

WordPress Plugin BuddyPress Members Only Cross-Site Scripting (1.8.3)

Severity

Medium

Classification

CVE-2012-5488 CWE-94

Tags

Missing Update Known Vulnerabilities