Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Plone ‘sandbox whitelisting’函数权限许可和访问控制漏洞
Vulnerability Description
Plone是美国Plone基金会的一套建立在应用服务器(Zope)上的免费且开源的内容管理系统(CMS)。该系统采用Python语言开发,适用于门户网站、企业内外网站、文档发布系统等。 Plone 4.2.2及之前版本和4.3版本中的‘sandbox whitelisting’函数中存在安全漏洞。远程攻击者可利用该漏洞以特定权限绕过Python沙箱限制,获取受限制Python代码的访问权限。
CVSS Information
N/A
Vulnerability Type
N/A