Description

membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL.

Remediation

References

CVE-2012-5497

Related Vulnerabilities

Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-14630)

WordPress Plugin Backup Migration Information Disclosure (1.3.5)

WordPress Plugin UserPro-Community and User Profile Privilege Escalation (4.9.27)

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-14885)

b2evolution Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-0175)

Severity

Medium

Classification

CVE-2012-5497 CWE-200

Tags

Missing Update Known Vulnerabilities