Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2001-10-09 21:00
Updated : 2008-09-10 12:10
NVD link : CVE-2001-1278
Mitre link : CVE-2001-1278
JSON object : View
CWE
Products Affected
zope
- zope