Description
Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Remediation
References
Related Vulnerabilities
Liferay DXP Session Fixation Vulnerability (CVE-2023-47798)
WordPress Plugin WassUp Real Time Analytics 'spy.php' SQL Injection (1.4.3)
WordPress Plugin Simple Events Calendar SQL Injection (1.4.0)
MySQL CVE-2018-2622 Vulnerability (CVE-2018-2622)
WordPress Plugin GiveWP-Donation and Fundraising Platform Cross-Site Scripting (2.10.3)