Description

The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.

Remediation

References

CVE-2009-0662

Related Vulnerabilities

Ruby Use of Externally-Controlled Format String Vulnerability (CVE-2018-8778)

Joomla! Core 2.5.x Arbitrary File Upload (2.5.0 - 2.5.13)

Oracle Database Server CVE-2023-22071 Vulnerability (CVE-2023-22071)

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8902)

MongoDb Improper Input Validation Vulnerability (CVE-2019-2389)

Severity

Medium

Classification

CVE-2009-0662 CWE-287

Tags

Missing Update Known Vulnerabilities