at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2014-09-30T14:00:00
Updated: 2014-09-30T12:57:01
Reserved: 2012-10-24T00:00:00
Link: CVE-2012-5501
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-09-30T14:55:06.610
Modified: 2014-10-01T17:28:42.973
Link: CVE-2012-5501
JSON object: View
Redhat Information
No data.
CWE