Description
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.
Published: 2014-09-30
Score: 5.0 Medium
EPSS: 2.6% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2014-0048 python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.
Github GHSA Github GHSA GHSA-cxw7-85xm-3xrc Plone Code Injection vulnerability
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-06T21:05:47.295Z

Reserved: 2012-10-24T00:00:00.000Z

Link: CVE-2012-5488

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-09-30T14:55:05.953

Modified: 2026-06-16T23:46:52.317

Link: CVE-2012-5488

cve-icon Redhat

Severity : Low

Publid Date: 2012-11-06T00:00:00Z

Links: CVE-2012-5488 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses
  • CWE-94

    Improper Control of Generation of Code ('Code Injection')

  • CWE-95

    Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')