Description
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
Remediation
References
Related Vulnerabilities
WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.23)
Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.59)
WordPress Plugin Uploader 'num' Parameter Cross-Site Scripting (1.0.0)
phpMyFAQ 7PK - Security Features Vulnerability (CVE-2014-6050)
phpBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-5502)