CVE-2013-7060
Plone 3.3-4.3.2 - Unauthenticated Installation Path Exposure via FactoryTool File Object
Title source: llmDescription
Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://plone.org/security/20131210/path-leak
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/12/12/3
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/12/10/15
Scores
EPSS
0.0140
EPSS Percentile
69.2%
Details
CWE
CWE-200
Status
published
Products (35)
plone/plone
3.3
plone/plone
3.3.1
plone/plone
3.3.2
plone/plone
3.3.3
plone/plone
3.3.4
plone/plone
3.3.5
plone/plone
3.3.6
plone/plone
4.0
plone/plone
4.0.1
plone/plone
4.0.2
... and 25 more
Published
May 02, 2014
Tracked Since
Feb 18, 2026