Description

Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.

Remediation

References

CVE-2011-3587

Related Vulnerabilities

MODX Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-2080)

Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-17827)

MySQL CVE-2013-2391 Vulnerability (CVE-2013-2391)

Jboss EAP Session Fixation Vulnerability (CVE-2021-20324)

b2evolution Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2016-8901)

Severity

Critical

Classification

CVE-2011-3587

Tags

Missing Update Known Vulnerabilities