Description
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
Remediation
References
Related Vulnerabilities
Dotclear Other Vulnerability (CVE-2007-3688)
Oracle Database Server CVE-2006-0262 Vulnerability (CVE-2006-0262)
PHP Improper Input Validation Vulnerability (CVE-2010-1129)
MyBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-0788)
WordPress Plugin Login with phone number Security Bypass (1.7.26)