Description

Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.

Remediation

References

CVE-2006-1711

Related Vulnerabilities

OpenSSL Cryptographic Issues Vulnerability (CVE-2012-0884)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1902)

Apache HTTP Server Resource Management Errors Vulnerability (CVE-2014-3523)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2011-0708)

Squid Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-18677)

Severity

Medium

Classification

CVE-2006-1711

Tags

Missing Update Known Vulnerabilities