Description
Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.
Remediation
References
Related Vulnerabilities
OpenSSL Cryptographic Issues Vulnerability (CVE-2012-0884)
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1902)
Apache HTTP Server Resource Management Errors Vulnerability (CVE-2014-3523)
Squid Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-18677)