QwikSec

Security Database

CVE

CWE

Training

CVE-2016-7135

Published: Mar 7, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html

x_refsource_MISC

20161019 Multiple Vulnerabilities in Plone CMS

mailing-list

x_refsource_FULLDISC

https://plone.org/security/hotfix/20160830/filesystem-information-leak

x_refsource_CONFIRM

[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities

mailing-list

x_refsource_MLIST

[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities

mailing-list

x_refsource_MLIST

20161012 Multiple Vulnerabilities in Plone CMS

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.