Zvemahara zvemukati manejimendi system , yakanyorwa muPython uchishandisa Zope application server, zvigamba nekubvisa (CVE zviziviso hazvisati zvapihwa). Matambudziko anokanganisa zvese zvazvino zvaburitswa zvePlone, kusanganisira kuburitswa kwakaburitswa mazuva mashoma apfuura . Nyaya dzakarongwa kuti dzigadziriswe mune ramangwana rekuburitswa kwePlone 4.3.20, 5.1.7 uye 5.2.2, isati yadhindwa iyo yainokurudzirwa kushandisa. .
Kuzivikanwa kusakanganiswa (zvizhinji hazvisati zvaburitswa):
- Kukwidziridzwa kweropafadzo kuburikidza nekugadzirisa kweRest API (inoonekwa chete kana plone.restapi yagoneswa);
- Kutsiviwa kweSQL kodhi nekuda kwekusakwana kutiza kweSQL inovaka muDTML uye zvinhu zvekubatanidza kuDBMS (dambudziko rakanangana ne. uye inoonekwa mune mamwe maapplication akavakirwa pazviri);
- Iko kugona kunyora zvakare zvirimo kuburikidza nemanipulations nePUT nzira pasina kuve nekodzero dzekunyora;
- Vhura redirect mune iyo login fomu;
- Mikana yekutumira zvinongedzo zvekunze zvinongedzo nekupfuura iyo isURLInPortal cheki;
- Pasiwedhi simba cheki inokundikana mune dzimwe nguva;
- Muchinjikwa-saiti scripting (XSS) kuburikidza nekodhi inotsiva mundima yezita.
Source: opennet.ru