cbcvebase.
CVE-2012-5487
published 2014-09-30


Priority P347 · high · 8.5 · CVSS 2.0
AV:N/AC:M/Au:S/C:C/I:C/A:C
EPSS: 1.70% (74.3th percentile)
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.

Affected

68 ranges · showing 25
Vendor | Product | Version range | Fixed in
plone | plone | <= 4.2.2 |

CVSS provenance

nvd | v2.0 | 8.5 | HIGH | AV:N/AC:M/Au:S/C:C/I:C/A:C
vendor_redhat | 8.5 | HIGH