Plone Sandbox Bypass

🗓️ 17 May 2022 04:24:32Reported by GitHub Advisory DatabaseType

Plone sandbox bypass in versions before 4.2.3 and 4.3 beta 1 allows remote authenticated users to execute arbitrary Python cod

Reporter	Title	Published	Views	Family All 6
NVD	CVE-2012-5487	30 Sep 201414:55	–	nvd
OSV	PYSEC-2014-29	30 Sep 201414:55	–	osv
OSV	Plone Sandbox Bypass	17 May 202204:32	–	osv
Prion	Code injection	30 Sep 201414:55	–	prion
CVE	CVE-2012-5487	30 Sep 201414:55	–	cve
Cvelist	CVE-2012-5487	30 Sep 201414:00	–	cvelist

Vulners

Node

plone ploneRange4.3a0–4.3b1

plone ploneRange<4.2.3

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2012-5487
github	www.github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt
plone	www.plone.org/products/plone-hotfix/releases/20121106
plone	www.plone.org/products/plone/security/advisories/20121106/03
openwall	www.openwall.com/lists/oss-security/2012/11/10/1
github	www.github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-29.yaml
github	www.github.com/advisories/GHSA-9m4g-f42q-vrrh

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

17 May 2022 04:32Current

7.4High risk

Vulners AI Score7.4

CVSS28.5

EPSS0.00788

CWE-693