Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Plone CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-5495)

Description

python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to "go_back."

Remediation

References

Related Vulnerabilities

Roundcube Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2009-4076)

WordPress Plugin link-list-manager Cross-Site Scripting (1.0)

WordPress Plugin Product Catalog SQL Injection (3.9.8)

WordPress Plugin 2Way VideoCalls and Random Chat-HTML5 Webcam Videochat Cross-Site Scripting (5.2.7)

WordPress Plugin Content Timeline Multiple SQL Injection Vulnerabilities (4.4.2)

Severity

Medium

Classification

CVE-2012-5495 CWE-94

Tags

Missing Update Known Vulnerabilities