Description

Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.

Remediation

References

CVE-2006-1711

Related Vulnerabilities

PHP Other Vulnerability (CVE-2007-2511)

WordPress Plugin Weather for us-animated weather widget Crypto Mining (1.8)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4307)

Claroline Other Vulnerability (CVE-2006-3257)

XWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-41927)

Severity

Medium

Classification

CVE-2006-1711

Tags

Missing Update Known Vulnerabilities