CVE-2009-0662

The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.

Date published : 2009-04-23

http://www.securityfocus.com/bid/34664

http://plone.org/products/plone/security/advisories/cve-2009-0662