CVE-2016-7135

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-7135
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-7135.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-7135
Aliases
Published
2017-03-07T16:59:00.867Z
Modified
2025-11-27T07:32:42.535151Z
Severity
  • 4.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions.

References

Affected packages

Git / github.com/plone/plone.namedfile

Affected ranges

Type
GIT
Repo
https://github.com/plone/plone.namedfile
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
00a16beda46de611ce66233e57db2e2aa8f7e283
Last affected
063e7ac36260329561a8217c46f60252b9bf922a
Last affected
29e22ca1987dcae970b89f39a4479171426bb6bf
Last affected
3b42eb99400431313b4520c2889282578f3a8e9a
Last affected
438a3898a1cb1aeadfa5e905a43d48fbb9c24732
Last affected
49fb6e5b7f97a02402bc12219a9d8e7d04c6e217
Last affected
5d4997222da0a134f49b2f7f3ab993b683ab6210
Last affected
68a55dfe9cc8f65975424d2aa964d6ba38023939
Last affected
723179c83d8473f2cbf806005d5d1d466acf584a
Last affected
a032401cf4e229af4ba216db39602c88699dca13
Last affected
b67f856cd88a6d290332c43f286c59b584eb8082
Last affected
b7787c16ced50a6b71390f7b72fed102c15f17bc
Last affected
bab403f2ad39aa1f6e8a66fa92d2a8a8c7546469
Last affected
bbcbbf9feddfc5958feb8626ba9a66dc9062b759

Affected versions

1.*

1.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0b5
1.0b6
1.0b7
1.0b8

2.*

2.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.1.0

3.*

3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8

4.*

4.0
4.1
4.1.1
4.1.2
4.2.0

Git / github.com/plone/plone

Affected ranges

Type
GIT
Repo
https://github.com/plone/plone
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
006f2dc3068b6d935e30bbea8e4ba41f6acacf33
Last affected
00a67de4ddd27cdec07ed6f4c834131b492e3f91
Last affected
16257e3b0027d6f811aceff565aca0879d85be7d
Last affected
217e9c10670623e7a06a7bdeca2f80dae73c77d0
Last affected
2183c78b82e1d84deb661043b27356995251de41
Last affected
2a627f292e8b06c376b5c7093189b78f778c96b6
Last affected
3e0c78057de5798ed989d0b2ed9dd12ec39978e1
Last affected
42964e94bc07a40a76496e9746fa10b57c21a2d7
Last affected
4708ff915d63bf21a9434d328fcd0b656bc66d94
Last affected
4d260f76643a633d312b81d568ca5bed57e330e0
Last affected
5d3edca6781cf97ae971db366f847e01887995e2
Last affected
5f05c642ef0796b15e447793755b1bbd8ce40905
Last affected
5fe576e77155d3a1946699472dc064c66e8facb5
Last affected
6371a276e3775cb11070862a0045b34aa1973b12
Last affected
6ffff6a69083367d6d6720444aa067be4899780b
Last affected
7d94a438dde3784322813a399d46c54cd5b864e5
Last affected
829aa2dd9d8f088ebf8f3da49b9e32ba90326135
Last affected
83b346aef1cd7a5ea851fe5c02af4b94648767c6
Last affected
8a6687397896c935b7f2c59b58500fdf234854bb
Last affected
ab50347a0aeb2c3d68b6f7faae6a82d0a0e91516
Last affected
b0a5c6ce2148edc9c2055961f64af788d1054fc4
Last affected
bfad4ef994a9b471fbfb314256df6840f286a032
Last affected
c3d7603485d808537e024883ce401ad504924a5a
Last affected
c4244a4887e0901a1c17b3ee60e1cfbe19ee46c5
Last affected
c7ca35de26093e40ae01ad0778b960cfde71fb3d
Last affected
ccc8eff38984b0a25a5827aabfdb8ab5e798ce30
Last affected
cdf44d1d0bea8b8d48f896ad7821d37715142ccf
Last affected
d4d2a336b6ec125c60610a22a003502858ac51a5
Last affected
d8f0c3f23d11b3ecf37740b454c8698521eb9ef9
Last affected
eb76237a4e6587a8249acfe0649c153d9d1df910
Last affected
f3dd0b7fac24438482e4368280a534f868b75f97

Affected versions

4.*

4.1.0
4.1a1
4.1a2
4.1a3
4.1b1
4.1b2
4.1rc1
4.1rc2
4.1rc3
4.2
4.2.0
4.2a1
4.2a2
4.2b1
4.2b2
4.2rc1
4.2rc2
4.3
4.3.1
4.3.2
4.3.3
4.3a1
4.3a2
4.3b1
4.3b2

5.*

5.0a2
5.0a3
5.0b1