Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Plone CMS Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2016-7135 - Vulnerability Database
Plone CMS

Plone CMS Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2016-7135

Medium
Reference: CVE-2016-7135
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2016-7135
Title: Plone CMS Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Overview:

Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile action to Plone/themebarceloneta/plone.resourceeditor.filemanager-actions.