Description
at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL.
Remediation
References
Related Vulnerabilities
PHP Numeric Errors Vulnerability (CVE-2013-7226)
WordPress Plugin Data Tables Generator by Supsystic Multiple Vulnerabilities (1.9.96)
Java Unspesificed Vulnerability (CVE-2020-14798)
Apache Tomcat Incorrect Default Permissions Vulnerability (CVE-2020-8022)
WordPress Plugin Terillion Reviews Profile Id Cross-Site Scripting (1.1)