Description

Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API.

Remediation

References

CVE-2013-7061

Related Vulnerabilities

Oracle JRE CVE-2013-2414 Vulnerability (CVE-2013-2414)

WordPress Plugin WP No External Links Cross-Site Scripting (3.5.15)

WordPress Plugin Product Catalog X Cross-Site Request Forgery (1.5.12)

WordPress Plugin WordPress Calls to Action Multiple Vulnerabilities (2.3.7)

WordPress Plugin The Events Calendar Unspecified Vulnerability (4.0.4)

Severity

Medium

Classification

CVE-2013-7061 CWE-264

Tags

Missing Update Known Vulnerabilities