Description

The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.

Remediation

References

CVE-2012-5489

Related Vulnerabilities

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-1003050)

Oracle Database Server CVE-2010-3600 Vulnerability (CVE-2010-3600)

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17306)

MySQL CVE-2012-0490 Vulnerability (CVE-2012-0490)

WordPress Plugin WP Mobile Detector Arbitrary File Upload (3.5)

Severity

Medium

Classification

CVE-2012-5489 CWE-264

Tags

Missing Update Known Vulnerabilities