Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2012-5488 (GCVE-0-2012-5488)
Vulnerability from cvelistv5 – Published: 2014-09-30 14:00 – Updated: 2024-08-06 21:05
VLAI?
EPSS
Summary
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:05:47.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
},
{
"name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plone.org/products/plone/security/advisories/20121106/04"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plone.org/products/plone-hotfix/releases/20121106"
},
{
"name": "RHSA-2014:1194",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-10-06T13:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
},
{
"name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plone.org/products/plone/security/advisories/20121106/04"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plone.org/products/plone-hotfix/releases/20121106"
},
{
"name": "RHSA-2014:1194",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5488",
"datePublished": "2014-09-30T14:00:00.000Z",
"dateReserved": "2012-10-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:05:47.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2012-5488
Vulnerability from fkie_nvd - Published: 2014-09-30 14:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17D1DF1B-1EAE-4B2E-89D5-A97301AE3164",
"versionEndIncluding": "4.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "67D4EB7F-BC46-4F2E-B065-303961C47B1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:4.2:a1:*:*:*:*:*:*",
"matchCriteriaId": "4E75A96E-2471-442A-8502-8F34EF18A477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:4.2:a2:*:*:*:*:*:*",
"matchCriteriaId": "7971F6D6-8885-4D2A-BCDF-96D3D0C78841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:4.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "0489DDC0-E65A-4EAD-854B-033307C2945C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:4.2:b2:*:*:*:*:*:*",
"matchCriteriaId": "659407BA-C011-4632-A355-41BD418EFA90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:4.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "42729F4A-C726-4955-80DB-68A18F774F05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:4.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9C9F5C87-AD89-4E99-BA1D-E922CD0D7691",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:4.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9E59B50E-FF75-4A97-B76A-288A2981D4FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:4.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE6B05A-1655-4FC1-AB07-0DF71F0021A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject."
},
{
"lang": "es",
"value": "python_scripts.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos ejecutar c\u00f3digo Python a trav\u00e9s de una URL manipulada, relacionado con createObject."
}
],
"id": "CVE-2012-5488",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-09-30T14:55:05.953",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://plone.org/products/plone-hotfix/releases/20121106"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://plone.org/products/plone/security/advisories/20121106/04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://plone.org/products/plone-hotfix/releases/20121106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://plone.org/products/plone/security/advisories/20121106/04"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2012-5488
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2012-5488",
"description": "python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.",
"id": "GSD-2012-5488",
"references": [
"https://access.redhat.com/errata/RHSA-2014:1194",
"https://linux.oracle.com/cve/CVE-2012-5488.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2012-5488"
],
"details": "python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.",
"id": "GSD-2012-5488",
"modified": "2023-12-13T01:20:19.599250Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5488",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://rhn.redhat.com/errata/RHSA-2014-1194.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2012/11/10/1",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
},
{
"name": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt",
"refsource": "MISC",
"url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
},
{
"name": "https://plone.org/products/plone-hotfix/releases/20121106",
"refsource": "MISC",
"url": "https://plone.org/products/plone-hotfix/releases/20121106"
},
{
"name": "https://plone.org/products/plone/security/advisories/20121106/04",
"refsource": "MISC",
"url": "https://plone.org/products/plone/security/advisories/20121106/04"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c4.2.3||\u003e=4.3a1,\u003c4.3b1",
"affected_versions": "All versions before 4.2.3, all versions starting from 4.3a1 before 4.3b1",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937",
"CWE-94"
],
"date": "2023-02-08",
"description": "It was discovered that Plone, included as a part of luci, does not properly protect the privilege of running RestrictedPython scripts. A remote attacker could use a specially crafted URL that, when processed, would allow the attacker to submit and perform expensive computations or, in conjunction with other attacks, be able to access or alter privileged information.",
"fixed_versions": [
"4.2.3",
"4.3b1"
],
"identifier": "CVE-2012-5488",
"identifiers": [
"GHSA-cxw7-85xm-3xrc",
"CVE-2012-5488"
],
"not_impacted": "All versions starting from 4.2.3 before 4.3a1, all versions starting from 4.3b1",
"package_slug": "pypi/Plone",
"pubdate": "2022-05-17",
"solution": "Upgrade to versions 4.2.3, 4.3b1 or above.",
"title": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2012-5488",
"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt",
"https://plone.org/products/plone-hotfix/releases/20121106",
"https://plone.org/products/plone/security/advisories/20121106/04",
"http://rhn.redhat.com/errata/RHSA-2014-1194.html",
"http://www.openwall.com/lists/oss-security/2012/11/10/1",
"https://access.redhat.com/errata/RHSA-2014:1194",
"https://access.redhat.com/security/cve/CVE-2012-5488",
"https://bugzilla.redhat.com/show_bug.cgi?id=878945",
"https://github.com/advisories/GHSA-cxw7-85xm-3xrc"
],
"uuid": "1ebcf257-8a19-4e4b-87e1-d4e2e25ef83b"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:4.2:a1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:4.2:b2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:4.2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:4.2.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:4.2:b1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:4.2:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:4.2:a2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:4.2:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.2.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5488"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
},
{
"name": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt",
"refsource": "CONFIRM",
"tags": [],
"url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
},
{
"name": "https://plone.org/products/plone-hotfix/releases/20121106",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "https://plone.org/products/plone-hotfix/releases/20121106"
},
{
"name": "https://plone.org/products/plone/security/advisories/20121106/04",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://plone.org/products/plone/security/advisories/20121106/04"
},
{
"name": "RHSA-2014:1194",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2023-02-13T04:36Z",
"publishedDate": "2014-09-30T14:55Z"
}
}
}
GHSA-CXW7-85XM-3XRC
Vulnerability from github – Published: 2022-05-17 04:31 – Updated: 2024-10-09 21:11
VLAI?
Summary
Plone Code Injection vulnerability
Details
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "Plone"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "Plone"
},
"ranges": [
{
"events": [
{
"introduced": "4.3a0"
},
{
"fixed": "4.3b1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2012-5488"
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2023-02-08T17:56:42Z",
"nvd_published_at": "2014-09-30T14:55:00Z",
"severity": "HIGH"
},
"details": "python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.",
"id": "GHSA-cxw7-85xm-3xrc",
"modified": "2024-10-09T21:11:13Z",
"published": "2022-05-17T04:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5488"
},
{
"type": "WEB",
"url": "https://github.com/plone/Products.CMFPlone/commit/a9479a5b38646fe0b0a9066ee46de9c18de32bfa"
},
{
"type": "WEB",
"url": "https://github.com/plone/Products.CMFPlone/commit/c3a98f4e6cf26501485de9c8354c49afdea21df8"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2014:1194"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2012-5488"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=878945"
},
{
"type": "PACKAGE",
"url": "https://github.com/plone/Products.CMFPlone"
},
{
"type": "WEB",
"url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-30.yaml"
},
{
"type": "WEB",
"url": "https://plone.org/products/plone-hotfix/releases/20121106"
},
{
"type": "WEB",
"url": "https://plone.org/products/plone/security/advisories/20121106/04"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "Plone Code Injection vulnerability"
}
PYSEC-2014-30
Vulnerability from pysec - Published: 2014-09-30 14:55 - Updated: 2021-09-01 08:44
VLAI?
Details
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.
Impacted products
| Name | purl | plone | pkg:pypi/plone |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "plone",
"purl": "pkg:pypi/plone"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.2.3"
},
{
"introduced": "4.3a0"
},
{
"fixed": "4.3b1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.2",
"3.2.1",
"3.2.2",
"3.2.3",
"3.2a1",
"3.2rc1",
"3.3",
"3.3.1",
"3.3.2",
"3.3.3",
"3.3.4",
"3.3.5",
"3.3.6",
"3.3b1",
"3.3rc1",
"3.3rc2",
"3.3rc3",
"3.3rc4",
"3.3rc5",
"4.0",
"4.0.1",
"4.0.10",
"4.0.2",
"4.0.3",
"4.0.4",
"4.0.5",
"4.0.6",
"4.0.7",
"4.0.8",
"4.0.9",
"4.0a1",
"4.0a2",
"4.0a3",
"4.0a4",
"4.0a5",
"4.0b1",
"4.0b2",
"4.0b3",
"4.0b4",
"4.0b5",
"4.0rc1",
"4.1",
"4.1.1",
"4.1.2",
"4.1.3",
"4.1.4",
"4.1.5",
"4.1.6",
"4.1a1",
"4.1a2",
"4.1a3",
"4.1b1",
"4.1b2",
"4.1rc2",
"4.1rc3",
"4.2",
"4.2.1",
"4.2.2",
"4.2a1",
"4.2a2",
"4.2b1",
"4.2b2",
"4.2rc1",
"4.2rc2",
"4.3a1",
"4.3a2"
]
}
],
"aliases": [
"CVE-2012-5488"
],
"details": "python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.",
"id": "PYSEC-2014-30",
"modified": "2021-09-01T08:44:29.194034Z",
"published": "2014-09-30T14:55:00Z",
"references": [
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
},
{
"type": "WEB",
"url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
},
{
"type": "WEB",
"url": "https://plone.org/products/plone-hotfix/releases/20121106"
},
{
"type": "ADVISORY",
"url": "https://plone.org/products/plone/security/advisories/20121106/04"
},
{
"type": "ADVISORY",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…