CSRF Vulnerability in Plone Batch ID Change Script

CSRF Vulnerability in Plone Batch ID Change Script

CVE-2012-5500 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request.

Learn more about our Web Application Penetration Testing UK.