Plone and Zope XMLTools Remote Command Execution
Rocco Calvi
- Affected Vendor: Plone, Zope
- Affected Product: Plone, Zope
- Exploit Type: Metasploit Module
- Metasploit Module: exploit/multi/http/plone_popen2
Description
A vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.