CVE Database · CVE-2012-5487
CVSS v3.1
N/A
EPSS
1.70%
Published
Sep 30, 2014
Modified
May 6, 2026
Public PoC / Exploit
All weaponized →No public PoC or exploit code indexed for this CVE.
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.
Weaknesses (CWE)
Affected Products (72)
References (8)
...and 22 more
