5.3

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2012-5500

CVE-2012-5500: Plone contains Cross-site Request Forgery

The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2012-5500

CVE-2012-5500:

5.3

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
plone	pip	< 4.2.3	4.2.3
plone	pip	>= 4.3a1, < 4.3b1	4.3b1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability explicitly references 'renameObjectsByPaths.py' as the affected script. The advisory details indicate the script failed to enforce proper permissions checks, allowing unauthorized title modifications despite CSRF token validation. The CHANGES.txt in Plone 4.2.3 confirms security fixes related to this script, and multiple references (CVE-2012-5500, GHSA-2q75-f7cp-w86q) directly link to this component. The function's role in batch operations and the described attack vector align with the CSRF vulnerability mechanism.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.3

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2012-5500: Plone contains Cross-site Request Forgery

CVE-2012-5500:

5.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2012-5500: Plone contains Cross-site Request Forgery

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

5.3

5.3

Basic Information

Basic Information

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI