Description

Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."

Remediation

References

CVE-2006-4247

Related Vulnerabilities

ATutor Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-12170)

PostgreSQL Improper Access Control Vulnerability (CVE-2019-10128)

Sqlite Improper Input Validation Vulnerability (CVE-2016-6153)

WordPress Plugin TagNinja 'id' Parameter Cross-Site Scripting (1.0)

WordPress Plugin WooCommerce Instamojo Cross-Site Scripting (0.0.6)

Severity

Medium

Classification

CVE-2006-4247

Tags

Missing Update Known Vulnerabilities