Description

atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name.

Remediation

References

CVE-2012-5505

Related Vulnerabilities

WordPress Plugin Meta Box-WordPress Custom Fields Framework Arbitrary File Deletion (4.16.2)

WordPress Plugin Rockhoist Ratings SQL Injection (1.2.1)

Magento Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2020-9664)

WordPress Plugin External 'Video for Everybody' Cross-Site Scripting (2.0)

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-29211)

Severity

Medium

Classification

CVE-2012-5505 CWE-200

Tags

Missing Update Known Vulnerabilities