Description

Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.

Remediation

References

CVE-2006-1711

Related Vulnerabilities

WordPress Plugin Advanced Woo Search Unspecified Vulnerability (1.69)

WordPress Plugin Simple File List Arbitrary File Deletion (4.2.7)

WordPress Plugin Simple Contact Info Arbitrary File Deletion (1.1.9)

Oracle Database Server CVE-2010-0071 Vulnerability (CVE-2010-0071)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-2999)

Severity

Medium

Classification

CVE-2006-1711

Tags

Missing Update Known Vulnerabilities