Description

Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users with administrator access to a subtree to access nodes above the subtree via unknown vectors.

Remediation

References

CVE-2013-4189

Related Vulnerabilities

PHP multiple vulnerabilities

WordPress Plugin Export any WordPress data to XML/CSV Cross-Site Scripting (1.3.5)

Oracle Database Server CVE-2009-1967 Vulnerability (CVE-2009-1967)

Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-7950)

Oracle Application Server Other Vulnerability (CVE-2006-5366)

Severity

Medium

Classification

CVE-2013-4189

Tags

Missing Update Known Vulnerabilities