Description
Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects.
Remediation
References