Description
atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name.
Remediation
References
Related Vulnerabilities
WordPress Plugin Meta Box-WordPress Custom Fields Framework Arbitrary File Deletion (4.16.2)
WordPress Plugin Rockhoist Ratings SQL Injection (1.2.1)
Magento Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2020-9664)
WordPress Plugin External 'Video for Everybody' Cross-Site Scripting (2.0)
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-29211)