plone -- Remote Security Bypass

2011-02-02T00:00:00
ID 7C492EA2-3566-11E0-8E81-0022190034C0
Type freebsd
Reporter FreeBSD
Modified 2011-02-02T00:00:00

Description

Plone developer reports:

This is an escalation of privileges attack that can be used by anonymous users to gain access to a Plone site's administration controls, view unpublished content, create new content and modify a site's skin. The sandbox protecting access to the underlying system is still in place, and it does not grant access to other applications running on the same Zope instance.