Description

The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.

Remediation

References

CVE-2012-5489

Related Vulnerabilities

Apache Tomcat Missing Release of Resource after Effective Lifetime Vulnerability (CVE-2021-42340)

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8903)

MySQL CVE-2014-0437 Vulnerability (CVE-2014-0437)

WordPress Plugin ShiftNav-Responsive Mobile Menu Cross-Site Scripting (1.7.1)

Dot CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-12309)

Severity

Medium

Classification

CVE-2012-5489 CWE-264

Tags

Missing Update Known Vulnerabilities