Description
Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects.
Remediation
References