Description

The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.

Remediation

References

CVE-2011-4030

Related Vulnerabilities

MySQL CVE-2019-2812 Vulnerability (CVE-2019-2812)

MySQL CVE-2015-0506 Vulnerability (CVE-2015-0506)

ASP.NET MVC Improper Authentication Vulnerability (CVE-2018-8171)

TCExam Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-4601)

Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-4225)

Severity

Critical

Classification

CVE-2011-4030 CWE-264

Tags

Missing Update Known Vulnerabilities