Description

Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.

Remediation

References

CVE-2002-0170

Related Vulnerabilities

Frontaccounting Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-5720)

WordPress Plugin Autoptimize Multiple Vulnerabilities (2.7.6)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-1029)

WordPress Plugin Image Metadata Cruncher Multiple Vulnerabilities (1.8)

WordPress Plugin IP Logger Arbitrary File Upload (3.1)

Severity

High

Classification

CVE-2002-0170

Tags

Missing Update Known Vulnerabilities