Description

The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request.

Remediation

References

CVE-2012-5500

Related Vulnerabilities

WordPress Plugin Calendar Event Multi View SQL Injection (1.01)

LimeSurvey Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2019-16187)

Oracle Database Server Credentials Management Errors Vulnerability (CVE-2007-6260)

VirtueMart access control bypass

WordPress 5.4.x Multiple Vulnerabilities (5.4 - 5.4.6)

Severity

Medium

Classification

CVE-2012-5500 CWE-352

Tags

Missing Update Known Vulnerabilities