CVE Database · CVE-2012-5489
CVSS v3.1
N/A
EPSS
1.27%
Published
Sep 30, 2014
Modified
May 6, 2026
Public PoC / Exploit
All weaponized →No public PoC or exploit code indexed for this CVE.
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.
Weaknesses (CWE)
Affected Products (109)
References (10)
...and 59 more
