Description

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.

Remediation

References

CVE-2011-1950

Related Vulnerabilities

LimeSurvey Incorrect Default Permissions Vulnerability (CVE-2019-16185)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6625)

Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.11)

WordPress Plugin Plainview Activity Monitor Remote Command Execution (20161228)

Sqlite Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2015-3717)

Severity

Medium

Classification

CVE-2011-1950 CWE-264

Tags

Missing Update Known Vulnerabilities