Vulnerability Details CVE-2012-5487
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.8%
CVSS Severity
CVSS v2 Score 8.5
References
- http://www.openwall.com/lists/oss-security/2012/11/10/1
- https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt
- https://plone.org/products/plone-hotfix/releases/20121106
- https://plone.org/products/plone/security/advisories/20121106/03
- http://www.openwall.com/lists/oss-security/2012/11/10/1
- https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt
- https://plone.org/products/plone-hotfix/releases/20121106
- https://plone.org/products/plone/security/advisories/20121106/03
Products affected by CVE-2012-5487
-
cpe:2.3:a:plone:plone:1.0
-
cpe:2.3:a:plone:plone:1.0.1
-
cpe:2.3:a:plone:plone:1.0.2
-
cpe:2.3:a:plone:plone:1.0.3
-
cpe:2.3:a:plone:plone:1.0.4
-
cpe:2.3:a:plone:plone:1.0.5
-
cpe:2.3:a:plone:plone:1.0.6
-
cpe:2.3:a:plone:plone:2.0
-
cpe:2.3:a:plone:plone:2.0.1
-
cpe:2.3:a:plone:plone:2.0.2
-
cpe:2.3:a:plone:plone:2.0.3
-
cpe:2.3:a:plone:plone:2.0.4
-
cpe:2.3:a:plone:plone:2.0.5
-
cpe:2.3:a:plone:plone:2.1
-
cpe:2.3:a:plone:plone:2.1.1
-
cpe:2.3:a:plone:plone:2.1.2
-
cpe:2.3:a:plone:plone:2.1.3
-
cpe:2.3:a:plone:plone:2.1.4
-
cpe:2.3:a:plone:plone:2.5
-
cpe:2.3:a:plone:plone:2.5.1
-
cpe:2.3:a:plone:plone:2.5.2
-
cpe:2.3:a:plone:plone:2.5.3
-
cpe:2.3:a:plone:plone:2.5.4
-
cpe:2.3:a:plone:plone:2.5.5
-
cpe:2.3:a:plone:plone:3.0
-
cpe:2.3:a:plone:plone:3.0.1
-
cpe:2.3:a:plone:plone:3.0.2
-
cpe:2.3:a:plone:plone:3.0.3
-
cpe:2.3:a:plone:plone:3.0.4
-
cpe:2.3:a:plone:plone:3.0.5
-
cpe:2.3:a:plone:plone:3.0.6
-
cpe:2.3:a:plone:plone:3.1
-
cpe:2.3:a:plone:plone:3.1.1
-
cpe:2.3:a:plone:plone:3.1.2
-
cpe:2.3:a:plone:plone:3.1.3
-
cpe:2.3:a:plone:plone:3.1.4
-
cpe:2.3:a:plone:plone:3.1.5.1
-
cpe:2.3:a:plone:plone:3.1.6
-
cpe:2.3:a:plone:plone:3.1.7
-
cpe:2.3:a:plone:plone:3.2
-
cpe:2.3:a:plone:plone:3.2.1
-
cpe:2.3:a:plone:plone:3.2.2
-
cpe:2.3:a:plone:plone:3.2.3
-
cpe:2.3:a:plone:plone:3.3
-
cpe:2.3:a:plone:plone:3.3.0
-
cpe:2.3:a:plone:plone:3.3.1
-
cpe:2.3:a:plone:plone:3.3.2
-
cpe:2.3:a:plone:plone:3.3.3
-
cpe:2.3:a:plone:plone:3.3.4
-
cpe:2.3:a:plone:plone:3.3.5
-
cpe:2.3:a:plone:plone:3.3.6
-
cpe:2.3:a:plone:plone:4.0
-
cpe:2.3:a:plone:plone:4.0.0
-
cpe:2.3:a:plone:plone:4.0.1
-
cpe:2.3:a:plone:plone:4.0.10
-
cpe:2.3:a:plone:plone:4.0.2
-
cpe:2.3:a:plone:plone:4.0.3
-
cpe:2.3:a:plone:plone:4.0.4
-
cpe:2.3:a:plone:plone:4.0.5
-
cpe:2.3:a:plone:plone:4.0.6
-
cpe:2.3:a:plone:plone:4.0.6.1
-
cpe:2.3:a:plone:plone:4.0.7
-
cpe:2.3:a:plone:plone:4.0.8
-
cpe:2.3:a:plone:plone:4.0.9
-
cpe:2.3:a:plone:plone:4.1
-
cpe:2.3:a:plone:plone:4.1.0
-
cpe:2.3:a:plone:plone:4.1.1
-
cpe:2.3:a:plone:plone:4.1.2
-
cpe:2.3:a:plone:plone:4.1.3
-
cpe:2.3:a:plone:plone:4.1.4
-
cpe:2.3:a:plone:plone:4.1.5
-
cpe:2.3:a:plone:plone:4.1.6
-
cpe:2.3:a:plone:plone:4.2
-
cpe:2.3:a:plone:plone:4.2.0
-
cpe:2.3:a:plone:plone:4.2.0.1
-
cpe:2.3:a:plone:plone:4.2.1
-
cpe:2.3:a:plone:plone:4.2.1.1
-
cpe:2.3:a:plone:plone:4.2.2
-
cpe:2.3:a:plone:plone:4.3