Description
The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.
Remediation
References
Related Vulnerabilities
WebLogic CVE-2019-2648 Vulnerability (CVE-2019-2648)
Python Uncontrolled Recursion Vulnerability (CVE-2026-4224)
PrestaShop Observable Timing Discrepancy Vulnerability (CVE-2026-25597)
Joomla External Control of File Name or Path Vulnerability (CVE-2026-23898)
Oracle Database Server CVE-2006-0287 Vulnerability (CVE-2006-0287)