Description
The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request.
Remediation
References
Related Vulnerabilities
Envoy Proxy CVE-2024-7207 Vulnerability (CVE-2024-7207)
MySQL CVE-2021-2354 Vulnerability (CVE-2021-2354)
WordPress Plugin Easy PayPal Gift Certificate Multiple Vulnerabilities (1.2.3)
WordPress Plugin Video Embed & Thumbnail Generator Information Disclosure (1.1)
Ruby Improper Input Validation Vulnerability (CVE-2015-7551)