Description

atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name.

Remediation

References

CVE-2012-5505

Related Vulnerabilities

phpBB Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-5173)

WebLogic CVE-2021-2109 Vulnerability (CVE-2021-2109)

MySQL CVE-2020-14631 Vulnerability (CVE-2020-14631)

Frontaccounting Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-4037)

EspoCRM Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-7986)

Severity

Medium

Classification

CVE-2012-5505 CWE-200

Tags

Missing Update Known Vulnerabilities