Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Plone CMS Permissions Privileges and Access Controls Vulnerability - CVE-2013-4191 - Vulnerability Database
Plone CMS

Plone CMS Permissions Privileges and Access Controls Vulnerability - CVE-2013-4191

Medium
Reference: CVE-2013-4191
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2013-4191
Title: Plone CMS Permissions Privileges and Access Controls Vulnerability
Overview:

zip.py in Plone 2.1 through 4.1 4.2.x through 4.2.5 and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive which allows remote attackers to obtain sensitive information by reading a generated archive.