Description
Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.
Remediation
References