Description

mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality.

Remediation

References

CVE-2013-4198

Related Vulnerabilities

ownCloud Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-0204)

WebLogic CVE-2020-2869 Vulnerability (CVE-2020-2869)

SharePoint Download of Code Without Integrity Check Vulnerability (CVE-2020-1200)

PHP Other Vulnerability (CVE-2007-1718)

WordPress Plugin GDPR CCPA Compliance Support PHP Object Injection (2.3)

Severity

Medium

Classification

CVE-2013-4198 CWE-264

Tags

Missing Update Known Vulnerabilities