Description

Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.

Remediation

References

CVE-2001-1227

Related Vulnerabilities

Dotclear Other Vulnerability (CVE-2007-3688)

Oracle Database Server CVE-2006-0262 Vulnerability (CVE-2006-0262)

PHP Improper Input Validation Vulnerability (CVE-2010-1129)

MyBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-0788)

WordPress Plugin Login with phone number Security Bypass (1.7.26)

Severity

High

Classification

CVE-2001-1227

Tags

Missing Update Known Vulnerabilities