CVE-2009-0662

PlonePAS <3.9-<3.2.2 - Info Disclosure

Title source: llm

Description

The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.

References (5)

[Third Party Advisory, VDB Entry] http://osvdb.org/53975

[Patch, Vendor Advisory] http://plone.org/products/plone/security/advisories/cve-2009-0662

[Vendor Advisory] http://secunia.com/advisories/34840

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/34664

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/50061

Scores

EPSS 0.0046

EPSS Percentile 64.0%

Classification

CWE

CWE-287

Status draft

Affected Products (7)

plone/plonepas

pypi/Products.PlonePAS < 3.9PyPI

Timeline

Published Apr 23, 2009

Tracked Since Feb 18, 2026