6 matches found
Incorrect Permission Assignment for Critical Resource in Plone
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...
CVE-2021-33509
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...
PYSEC-2021-81
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...
Code injection
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...
CVE-2021-33509
Plone 5.2.4 and earlier are affected by an arbitrary file-write vulnerability. Remote authenticated managers can cause disk I/O by sending crafted keyword arguments to the ReStructuredText transform in Python scripts, enabling potential file writes to the server. Root cause is exposed via docutil...
CVE-2021-33509
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...