Description

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.

Remediation

References

CVE-2011-1950

Related Vulnerabilities

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-10404)

Claroline Other Vulnerability (CVE-2006-3257)

ZenCart Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-11675)

Resin Application Server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-44138)

WordPress Plugin JoomSport-for Sports: Team & League, Football, Hockey & more SQL Injection (3.3)

Severity

Medium

Classification

CVE-2011-1950 CWE-264

Tags

Missing Update Known Vulnerabilities