Access Restriction Bypass Affecting plone package, versions [,4.2.5) [4.3,4.3.1)
Threat Intelligence
EPSS
0.31% (71st
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-PLONE-40201
- published 1 Aug 2013
- disclosed 1 Aug 2013
- credit Unknown
Introduced: 1 Aug 2013
CVE-2013-4193 Open this link in a new tabOverview
plone
is a Content Management System.
typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers to hide fields on the forms via a crafted URL.
References
CVSS Scores
version 3.1