CVE-2013-7061: Plone Privilege escalation through exposed underlying API
Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API.
References
- github.com/advisories/GHSA-4vr8-r7qr-fpvq
- github.com/plone/Products.CMFPlone
- github.com/plone/Products.CMFPlone/commit/a6a3e50f759da7e7ca46e50777a35e51f4d8ed48
- github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-66.yaml
- github.com/pypa/advisory-database/tree/main/vulns/products-cmfplone/PYSEC-2014-68.yaml
- nvd.nist.gov/vuln/detail/CVE-2013-7061
- plone.org/security/20131210/catalogue-exposure
- pypi.org/project/Products.PloneHotfix20131210
Detect and mitigate CVE-2013-7061 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.