4 matches found
GHSA-PVHV-QWC8-R2PG Plone Arbitrary File Read
atdownload.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs Files and Images stored on custom content types via a crafted URL...
Plone Arbitrary File Read
atdownload.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs Files and Images stored on custom content types via a crafted URL...
CVE-2012-5501
Plone vulnerability CVE-2012-5501 affects at_download.py in Plone before 4.2.3 and 4.3 before beta 1, enabling remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL. The connected records consistently describe this exact issue and cite Plone-...
CVE-2012-5501
atdownload.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs Files and Images stored on custom content types via a crafted URL...