Description

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.

Remediation

References

CVE-2011-1950

Related Vulnerabilities

MySQL CVE-2015-4800 Vulnerability (CVE-2015-4800)

WordPress Plugin Slider Hero with Animation, Video Background SQL Injection (8.2.6)

WildFly Application Server Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') Vulnerability (CVE-2016-4993)

WordPress Plugin Encrypted Contact Form Multiple Vulnerabilities (1.0.4)

Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-23797)

Severity

Medium

Classification

CVE-2011-1950 CWE-264

Tags

Missing Update Known Vulnerabilities