Description

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.

Remediation

References

CVE-2011-1950

Related Vulnerabilities

WordPress Plugin Slideshow Gallery LITE Multiple Vulnerabilities (1.5.3)

Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-6379)

Squid Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-15810)

MySQL CVE-2015-4890 Vulnerability (CVE-2015-4890)

ReviveAdserver Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-9127)

Severity

Medium

Classification

CVE-2011-1950 CWE-264

Tags

Missing Update Known Vulnerabilities