Description

Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.

Remediation

References

CVE-2006-1711

Related Vulnerabilities

Moodle Credentials Management Errors Vulnerability (CVE-2014-0008)

WordPress Plugin MailChimp Forms by MailMunch Unspecified Vulnerability (2.0.6.3)

WordPress Plugin Patreon WordPress PHP Object Injection (1.2.1)

Liferay Portal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-29053)

WordPress Plugin WP-Forum 'forum_feed.php' SQL Injection (1.7.8)

Severity

Medium

Classification

CVE-2006-1711

Tags

Missing Update Known Vulnerabilities