Description
ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes.
Remediation
References
Related Vulnerabilities
Drupal Core 8.9.0 Remote Code Execution (8.9.0)
WordPress Plugin Event List Cross-Site Scripting (0.7.9)
WordPress Plugin Form Vibes-Database Manager for Forms SQL Injection (1.4.10)
WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.6)
LimeSurvey Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-5573)