CVE-2012-5485

Опубликовано: 06 нояб. 2012

Источник: redhat

CVSS2: 6

EPSS Низкий

Описание

registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

It was discovered that Plone, included as a part of luci, did not properly protect the administrator interface (control panel). A remote attacker could use this flaw to inject a specially crafted Python statement or script into Plone's restricted Python sandbox that, when the administrator interface was accessed, would be executed with the privileges of that administrator user.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	conga	Affected
Red Hat Enterprise Linux 5	conga	Fixed	RHSA-2014:1194	16.09.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-306

https://bugzilla.redhat.com/show_bug.cgi?id=878934(Plone): Restricted Python injection

EPSS

Процентиль: 68%

0.00599

Низкий

6 Medium

CVSS2

Связанные уязвимости

CVE-2012-5485

nvd

почти 11 лет назад

registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

GHSA-7hxc-mwx7-5hmc

CVSS3: 7.2

github

больше 3 лет назад

Plone Code Injection vulnerability

ELSA-2014-1194

oracle-oval