Description

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.

Remediation

References

CVE-2011-1950

Related Vulnerabilities

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Cross-Site Scripting (2.0.25)

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-35132)

WordPress Plugin Stylish Price List Security Bypass (6.8.14)

WordPress Plugin InfiniteWP Client Security Bypass (1.3.7)

MySQL Observable Discrepancy Vulnerability (CVE-2019-1559)

Severity

Medium

Classification

CVE-2011-1950 CWE-264

Tags

Missing Update Known Vulnerabilities