Description

membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL.

Remediation

References

CVE-2012-5497

Related Vulnerabilities

Ruby Improper Authentication Vulnerability (CVE-2007-5770)

WordPress Plugin WP Data Access SQL Injection (4.3.1)

Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-9933)

WordPress Plugin Google Analytics Opt-Out Cross-Site Scripting (2.3.4)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-5337)

Severity

Medium

Classification

CVE-2012-5497 CWE-200

Tags

Missing Update Known Vulnerabilities