Description
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.
Remediation
References
Related Vulnerabilities
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-4850)
Oracle JRE CVE-2013-5778 Vulnerability (CVE-2013-5778)
Apache HTTP Server CVE-2002-0839 Vulnerability (CVE-2002-0839)
WordPress Plugin WP-UserOnline Cross-Site Scripting (2.87.6)
WordPress Plugin Customer Service Software & Support Ticket System Cross-Site Scripting (5.5.1)