Description

gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.

Remediation

References

CVE-2012-5493

Related Vulnerabilities

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43495)

Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-3744)

Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2021-33334)

WordPress Plugin Welcome Announcement Multiple Cross-Site Scripting Vulnerabilities (1.0.5)

WordPress Plugin Staff Directory-Employee Directory for WordPress Unspecified Vulnerability (3.6.1)

Severity

High

Classification

CVE-2012-5493 CWE-94

Tags

Missing Update Known Vulnerabilities