Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Plone CMS Permissions Privileges and Access Controls Vulnerability - CVE-2012-5489 - Vulnerability Database
Plone CMS

Plone CMS Permissions Privileges and Access Controls Vulnerability - CVE-2012-5489

Medium
Reference: CVE-2012-5489
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2012-5489
Title: Plone CMS Permissions Privileges and Access Controls Vulnerability
Overview:

The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11 as used in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users to gain access to restricted attributes via unspecified vectors.