Description
plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.
Remediation
References
Related Vulnerabilities
LimeSurvey Incorrect Default Permissions Vulnerability (CVE-2019-16185)
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6625)
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.11)
WordPress Plugin Plainview Activity Monitor Remote Command Execution (20161228)