Plone CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-5488)

Description

python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.

Remediation

References

CVE-2012-5488

Related Vulnerabilities

phpMyAdmin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-2505)

PHP Improper Input Validation Vulnerability (CVE-2011-4885)

Apache HTTP Server Other Vulnerability (CVE-2007-1863)

Oracle Database Server Other Vulnerability (CVE-2001-0831)

Collabtive Improper Privilege Management Vulnerability (CVE-2013-5027)

Severity

Medium

Classification

CVE-2012-5488 CWE-94

Plone CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-5488)

Description

Remediation

References

Related Vulnerabilities

Severity

Classification

Tags

Take action and discover your vulnerabilities