Description

The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.

Remediation

References

CVE-2009-0662

Related Vulnerabilities

MySQL CVE-2015-0423 Vulnerability (CVE-2015-0423)

WordPress Plugin WP Custom Pages 'url' Parameter Local File Disclosure (0.5.0.1)

WordPress Plugin User Photo Cross-Site Scripting (0.9.5.1)

WordPress Plugin WooCommerce Product Feed Manager Security Bypass (2.2.3)

WordPress Plugin Social Sharing-Sassy Social Share Cross-Site Scripting (3.3.3)

Severity

Medium

Classification

CVE-2009-0662 CWE-287

Tags

Missing Update Known Vulnerabilities