Description
The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote attackers to obtain sensitive information via a crafted request.
Remediation
References