Description
The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request.
Remediation
References
Related Vulnerabilities
MySQL CVE-2020-14846 Vulnerability (CVE-2020-14846)
WordPress Plugin Sports Rankings and Lists Cross-Site Scripting (3.5)
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2022-3358)
MongoDb CVE-2025-10061 Vulnerability (CVE-2025-10061)
PostgreSQL Improper Access Control Vulnerability (CVE-2016-0768)