Safety vulnerability ID: 35683
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions.
Latest version: 6.1.1
The Plone Content Management System
Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions.
BUGTRAQ:20161012 Multiple Vulnerabilities in Plone CMS: http://www.securityfocus.com/archive/1/archive/1/539572/100/0/threaded
FULLDISC:20161019 Multiple Vulnerabilities in Plone CMS: http://seclists.org/fulldisclosure/2016/Oct/80
MLIST:[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities: http://www.openwall.com/lists/oss-security/2016/09/05/4
MLIST:[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities: http://www.openwall.com/lists/oss-security/2016/09/05/5
MISC:http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html: http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html
CONFIRM:https://plone.org/security/hotfix/20160830/filesystem-information-leak: https://plone.org/security/hotfix/20160830/filesystem-information-leak
BID:92752: http://www.securityfocus.com/bid/92752
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application