Description

The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request.

Remediation

References

CVE-2012-5500

Related Vulnerabilities

WordPress Plugin HTML5 Video Player-Best WordPress Video Player and Block SQL Injection (2.5.26)

WordPress Plugin Cross-RSS Directory Traversal (1.7)

WordPress Plugin CM Download Manager Cross-Site Scripting (2.7.0)

WordPress Plugin Convert Plus Unspecified Vulnerability (3.5.6)

WordPress Plugin AJAX Post Search 'srch_txt' Parameter SQL Injection (1.2)

Severity

Medium

Classification

CVE-2012-5500 CWE-352

Tags

Missing Update Known Vulnerabilities