Published: 03/11/2014 Updated: 13/02/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

The batch id change script (renameObjectsByPaths.py) in Plone prior to 4.2.3 and 4.3 before beta 1 allows remote malicious users to change the titles of content items by leveraging a valid CSRF token in a crafted request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
plone plone 3.3
plone plone 1.0
plone plone 4.0.5
plone plone 3.0.1
plone plone 1.0.3
plone plone 3.0
plone plone 3.2.3
plone plone 3.1.4
plone plone 3.1.5.1
plone plone 2.1.4
plone plone 4.0.2
plone plone 3.3.5
plone plone 3.0.6
plone plone 2.5.4
plone plone 3.2
plone plone 3.1.1
plone plone 4.3
plone plone 2.1.1
plone plone 3.3.4
plone plone 2.0.3
plone plone 1.0.4
plone plone 3.3.2
plone plone 2.0
plone plone 4.1.6
plone plone 4.0.4
plone plone 3.1.7
plone plone 2.5.1
plone plone 4.1
plone plone 2.5.3
plone plone 3.2.2
plone plone 2.0.4
plone plone 2.1.2
plone plone 1.0.1
plone plone 3.0.3
plone plone 3.3.1
plone plone 3.0.4
plone plone 4.1.4
plone plone 2.0.1
plone plone 2.0.2
plone plone 3.1.2
plone plone 3.2.1
plone plone 4.0
plone plone 1.0.2
plone plone 2.0.5
plone plone 4.1.5
plone plone 3.0.5
plone plone 4.0.6.1
plone plone 2.5
plone plone 1.0.6
plone plone 2.5.2
plone plone 4.0.1
plone plone 3.0.2
plone plone 2.1
plone plone 3.1
plone plone
plone plone 3.3.3
plone plone 2.1.3
plone plone 3.1.6
plone plone 3.1.3
plone plone 4.0.3
plone plone 1.0.5
plone plone 2.5.5
plone plone 4.2
plone plone 4.2.1

CWE-352 https://plone.org/products/plone/security/advisories/20121106/16 https://plone.org/products/plone-hotfix/releases/20121106 http://www.openwall.com/lists/oss-security/2012/11/10/1 http://rhn.redhat.com/errata/RHSA-2014-1194.html https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt https://nvd.nist.gov

CVE-2012-5500

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect