Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2006-1711
Last Modified 07 Mar 2011 09:33:38
Published 11 Apr 2006 02:06:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1711

Summary

Plone 2.0.5, 2.1.2, and 2.5-beta1 do not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.

Vulnerable Systems

Application

  • Plone 2.0.5

  • Plone 2.1.2

  • Plone 2.5 Beta1


References

CONFIRM - https://svn.plone.org/svn/plone/PloneHotfix20060410/trunk/README.txt

VUPEN - ADV-2006-1340

MISC - http://dev.plone.org/plone/ticket/5432

XF - plone-memberid-data-manipulation(25781)

BID - 17484

DEBIAN - DSA-1032

SECUNIA - 19640

SECUNIA - 19633


Last Updated: 27 May 2016 10:42:10