Description

ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes.

Remediation

References

CVE-2002-0688

Related Vulnerabilities

Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13965)

phpList Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-20033)

MySQL CVE-2020-14837 Vulnerability (CVE-2020-14837)

WordPress Plugin iCopyright Toolbar 'icopyright_xml.php' SQL Injection (1.1.4)

Oracle JRE CVE-2014-0459 Vulnerability (CVE-2014-0459)

Severity

High

Classification

CVE-2002-0688

Tags

Missing Update Known Vulnerabilities