Description
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.
Remediation
References
Related Vulnerabilities
WordPress Plugin Citizen Space Cross-Site Scripting (1.0)
Apache HTTP Server Other Vulnerability (CVE-2004-0493)
Oracle Application Server CVE-2007-5518 Vulnerability (CVE-2007-5518)
Werkzeug WSGI Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-49767)
Joomla! Core 3.x.x Cross-Site Request Forgery (3.0.0 - 3.9.26)