Description
Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API.
Remediation
References
Related Vulnerabilities
Oracle Application Server CVE-2006-3706 Vulnerability (CVE-2006-3706)
Oracle Database Server CVE-2010-2412 Vulnerability (CVE-2010-2412)
Jolokia Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-10899)
WordPress Plugin Drag and Drop Multiple File Upload-Contact Form 7 Cross-Site Scripting (1.3.6.2)
Apache Tomcat Integer Overflow or Wraparound Vulnerability (CVE-2015-8751)