Description
The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote attackers to obtain sensitive information via a crafted request.
Remediation
References