Description
uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL.
Remediation
References
Related Vulnerabilities
ProjectSend Incorrect Authorization Vulnerability (CVE-2021-40884)
WordPress Plugin IP Blacklist Cloud Arbitrary File Disclosure (3.42)
WordPress 4.3.x PHP Object Injection (4.3 - 4.3.25)
WordPress Plugin Handsome Testimonials & Reviews SQL Injection (2.0.7)
Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2017-1000355)