Description
at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL.
Remediation
References
Related Vulnerabilities
WordPress Plugin Slideshow Gallery LITE Multiple Cross-Site Scripting Vulnerabilities (1.6.5)
Oracle JRE CVE-2018-2825 Vulnerability (CVE-2018-2825)
WordPress Plugin Print Invoice & Delivery Notes for WooCommerce Cross-Site Scripting (4.7.1)
Apache HTTP Server Other Vulnerability (CVE-2004-0263)
WordPress Plugin IQ Testimonials Arbitrary File Upload (2.2.7)