Plone CMS Permissions Privileges and Access Controls Vulnerability - CVE-2012-5501
Reference:
CVE-2012-5501
Title:
Plone CMS Permissions Privileges and Access Controls Vulnerability
Overview:
at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL.