Zope is an open-source web application server maintained by the Zope Project. A problem exists in Zope that may allow a malicious user to gain unauthorized access to resources on the host: Zope does not run the cursory security access checks on any DTMLMethods invoked using the 'fmt' attribute in 'dtml-var' tags. As a result, a user can call DTMLMethods they would not ordinarily have access to.
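A simplified model of the flaw described above, added here as an illustration and not taken from Zope's source code. The names `render_var`, `validate`, `Method` and the sample namespace are hypothetical; the block shows a method reached through `fmt` skipping the access check that a directly named method receives, next to the behaviour when both paths are checked.

```python
# Simplified model for illustration; constructed here, not Zope source code.
class Unauthorized(Exception):
    pass

class Method:
    """Stand-in for a DTMLMethod that only certain roles may call."""
    def __init__(self, body, roles):
        self.body = body         # callable taking the value to render
        self.roles = set(roles)  # roles permitted to invoke it

def validate(user_roles, method):
    """Access check that should precede every method invocation."""
    if not method.roles & set(user_roles):
        raise Unauthorized("caller lacks a required role")

def render_var(namespace, user_roles, name, fmt=None, check_fmt=True):
    """Model of rendering a dtml-var tag with an optional fmt attribute.
    check_fmt=False reproduces the flaw: a method named by fmt is called
    without the check applied to a method named directly.
    """
    target = namespace[name]
    if isinstance(target, Method):
        validate(user_roles, target)      # direct path is checked
        value = target.body(None)
    else:
        value = target
    if fmt is None:
        return str(value)
    formatter = namespace.get(fmt)
    if isinstance(formatter, Method):
        if check_fmt:
            validate(user_roles, formatter)  # the check the fmt path lacked
        return formatter.body(value)
    return fmt % value                    # otherwise a C-style format string

# Constructed sample data: one public value, one manager-only method.
NAMESPACE = {
    "title": "Quarterly report",
    "price": 3.14159,
    "manager_report": Method(lambda v: f"manager-only view of {v}", ["Manager"]),
}

if __name__ == "__main__":
    anon = ["Anonymous"]
    print(render_var(NAMESPACE, anon, "title", "manager_report", check_fmt=False))
    try:
        render_var(NAMESPACE, anon, "title", "manager_report")
    except Unauthorized as exc:
        print("blocked:", exc)
```

When auditing template engines for this class of bug, the useful question is whether every attribute that can resolve to a callable goes through the same authorization function as the primary lookup.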