Description
Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API.
Remediation
References
Related Vulnerabilities
ATutor Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-11446)
WordPress Plugin WP STAGING WordPress Backup-Migration Backup Restore Arbitrary File Upload (3.4.3)
WordPress Plugin Widgets for WooCommerce Products on Elementor Cross-Site Scripting (1.0.7)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-3181)
Drupal Improper Input Validation Vulnerability (CVE-2014-5019)