漏洞类别:Web server漏洞等级: 
漏洞信息
Zope is a scripting language that allows Web masters to design their Web sites in an object oriented way using various means.
Versions of Zope prior to Version 2.2.0 contain a bug that allows malicious users with a valid user account on the server to escalate privileges. This bug exists in the getRoles method.
漏洞危害
If successfully exploited, malicious users with the ability to edit DTML (Zope's native expression language) in the Web site can exploit this vulnerability to grant themselves extra privileges for the duration of a request.
解决方案
Upgrade to the latest release of Zope, which is available for download from Zope's Web site.
0day
文章评论