Description
Plone 2.0.5, 2.1.2, and 2.5-beta1 do not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.
Remediation
References