Description
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.
Remediation
References