Description

The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote attackers to obtain sensitive information via a crafted request.

Remediation

References

CVE-2013-4196

Related Vulnerabilities

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-6600)

WordPress Plugin WP CleanFix Cross-Site Request Forgery (2.4.4)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-38265)

PostgreSQL CVE-2023-2454 Vulnerability (CVE-2023-2454)

Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.18)

Severity

Medium

Classification

CVE-2013-4196 CWE-264

Tags

Missing Update Known Vulnerabilities