Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Plone CMS Permissions Privileges and Access Controls Vulnerability - CVE-2013-4193 - Vulnerability Database
Plone CMS

Plone CMS Permissions Privileges and Access Controls Vulnerability - CVE-2013-4193

Medium
Reference: CVE-2013-4193
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2013-4193
Title: Plone CMS Permissions Privileges and Access Controls Vulnerability
Overview:

typeswidget.py in Plone 2.1 through 4.1 4.2.x through 4.2.5 and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms which allows remote attackers to hide fields on the forms via a crafted URL.