Description
Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.
Remediation
References