The PlonePAS product 3.x prior to 3.9 and 3.2.x prior to 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
plone plonepas 3.5 |
||
plone plonepas 3.4 |
||
plone plonepas 3.0 |
||
plone plonepas 3.1 |
||
plone plonepas 3.3 |
||
plone plonepas 3.2 |