CVE-2012-5485

Опубликовано: 06 нояб. 2012

Источник: redhat

CVSS2: 6

Описание

registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

It was discovered that Plone, included as a part of luci, did not properly protect the administrator interface (control panel). A remote attacker could use this flaw to inject a specially crafted Python statement or script into Plone's restricted Python sandbox that, when the administrator interface was accessed, would be executed with the privileges of that administrator user.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	conga	Affected
Red Hat Enterprise Linux 5	conga	Fixed	RHSA-2014:1194	16.09.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-306

https://bugzilla.redhat.com/show_bug.cgi?id=878934(Plone): Restricted Python injection

6 Medium

CVSS2

Связанные уязвимости

CVE-2012-5485

nvd

около 11 лет назад

registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

GHSA-7hxc-mwx7-5hmc

CVSS3: 7.2

github

больше 3 лет назад

Plone Code Injection vulnerability

ELSA-2014-1194

oracle-oval

около 11 лет назад

ELSA-2014-1194: conga security and bug fix update (MODERATE)

6 Medium

CVSS2