{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T08:15:48.523","vulnerabilities":[{"cve":{"id":"CVE-2016-7135","sourceIdentifier":"cve@mitre.org","published":"2017-03-07T16:59:00.867","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions."},{"lang":"es","value":"Vulnerabilidad de salto de directorio en Plone CMS 5.x hasta la versión 5.0.6 y 4.2.x hasta la versión 4.3.11 permite a administradores remotos leer archivos arbitrarios a través de .. (punto punto) en el parámetro path en una acción getFile a Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":
"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*","matchCriteriaId":"1F1818BB-E23A-4136-898D-1D0C80C08728"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*","matchCriteriaId":"5CB06627-133A-40D1-8816-E31E0A9BAD22"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*","matchCriteriaId":"AE7E448A-2C0C-4DE0-89EA-904718CB6C6D"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6E727C5C-9E54-49F7-B92C-2492069AAE08"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*","matchCriteriaId":"BFD68465-4CDC-4788-8932-41335B5C4AC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*","matchCriteriaId":"A7B739E0-FB73-401C-AB1A-E3C1434AA2A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*","matchCriteriaId":"DCC8B987-5173-4C61-8DE6-B70C18EE6FD3"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*","matchCriteriaId":"38BA31E8-77EC-478B-BC6E-E2F145A8B9BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*","matchCriteriaId":"CE168A35-1A46-4A6F-8A08-25CDD886066D"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*","matchCriteriaId":"CFE0FC06-369B-46CF-9B1E-BAF7AF87E950"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*","matchCriteriaId":"56571585-E9A2-4B78-B2B1-5D8EADED522A"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*","matchCriteriaId":"2CDF8A15-401C-453E-8D09-8D4CDD4766DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*","matchCriteriaId":"39B0B1CE-C0D9-495C-B4E7-E52A50BD6D97"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*","matchCriteriaId":"043B3CBE-DEA2-474D-AA57-1830A470B621"},{"vulnerable":true,"crite
ria":"cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*","matchCriteriaId":"08A6842B-B479-4D91-928A-1CCE1DCB936E"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.7:*:*:*:*:*:*:*","matchCriteriaId":"875A368A-F1D6-4795-99CF-A96DBCD1D407"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.8:*:*:*:*:*:*:*","matchCriteriaId":"B5962C24-BC35-4E27-B81B-E2D21F83FB13"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.9:*:*:*:*:*:*:*","matchCriteriaId":"55BCE259-700F-4E39-8565-99E4DFDA6F9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.10:*:*:*:*:*:*:*","matchCriteriaId":"CD0755E5-2001-499F-90EA-6C2133D116D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.11:*:*:*:*:*:*:*","matchCriteriaId":"5893527F-D365-4A39-9104-1B478804F0BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0:*:*:*:*:*:*:*","matchCriteriaId":"E8C6DFBF-5CC6-49A7-BC83-E8F686815F6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0:a1:*:*:*:*:*:*","matchCriteriaId":"E3642637-8B6D-40A0-9A60-EACE70BB0490"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*","matchCriteriaId":"8AF9FB6C-134F-4653-8771-1BF46AB39344"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*","matchCriteriaId":"E22BA768-96DE-408F-8979-4CC58B50A09C"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*","matchCriteriaId":"1672268D-2EFB-4D9E-99D4-AAEFEA659091"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"9EF74DD4-27BB-4881-B324-B53336EF0648"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"1C6962EC-8398-4564-9840-AECB3E3D697D"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0.3:*:*:*:*:*:*:*","matchCriteriaId":"ADE89FE6-DBF6-4CDD-BBA3-B34AEEAE6BA5"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0.4:*:*:*:*:*:*:*","matchCriteriaId":"83D341D6-AB11-444F-88FD-22303D1E3F65"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone
:plone:5.0.5:*:*:*:*:*:*:*","matchCriteriaId":"DAF8A5BB-2F6A-474F-9DCE-0AF9E8E1D1D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0.6:*:*:*:*:*:*:*","matchCriteriaId":"58165598-70DB-48AD-BD6E-793B103DC15F"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.1a1:*:*:*:*:*:*:*","matchCriteriaId":"A98F25E9-C852-458A-B6B9-656B81CC0D33"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2016/Oct/80","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/05/4","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/05/5","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/archive/1/539572/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/92752","source":"cve@mitre.org"},{"url":"https://plone.org/security/hotfix/20160830/filesystem-information-leak","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2016/Oct/80","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/05/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/05/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/archive/1/539572/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/92752","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://plone.org/security/hotfix/20160830/filesystem-information-leak","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}