Description
mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality.
Remediation
References