Zope vulnerability

ID USN-229-1
Type ubuntu
Reporter Ubuntu
Modified 2005-12-14T00:00:00


Zope did not deactivate the file inclusion feature when exposing RestructuredText functionalities to untrusted users. A remote user with the privilege of editing Zope webpages with RestructuredText could exploit this to expose arbitrary files that can be read with the privileges of the Zope server, or execute arbitrary Zope code.