CVE-2006-1711

Advisory

Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

• https://svn.plone.org/svn/plone/PloneHotfix20060410/trunk/README.txt
• http://dev.plone.org/plone/ticket/5432
• http://www.debian.org/security/2006/dsa-1032
• http://www.securityfocus.com/bid/17484
• http://secunia.com/advisories/19633
• http://secunia.com/advisories/19640
• http://www.vupen.com/english/advisories/2006/1340
• https://exchange.xforce.ibmcloud.com/vulnerabilities/25781
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1711