ID CVE-2006-1711
Summary Plone 2.0.5, 2.1.2, and 2.5-beta1 do not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.
Vulnerable Configurations
  • Plone 2.0.5
    cpe:2.3:a:plone:plone:2.0.5
  • Plone 2.1.2
    cpe:2.3:a:plone:plone:2.1.2
  • Plone 2.5-beta1
    cpe:2.3:a:plone:plone:2.5_beta1
CVSS
Base: 5.0 (as of 12-04-2006 - 10:40)
Impact:
Exploitability:
Access
    Vector NETWORK
    Complexity LOW
    Authentication NONE
Impact
    Confidentiality NONE
    Integrity PARTIAL
    Availability NONE
exploit-db via4
description Plone 2.x MembershipTool Access Control Bypass Vulnerability. CVE-2006-1711. Remote exploit for linux platform
id EDB-ID:27630
last seen 2016-02-03
modified 2006-04-12
published 2006-04-12
reporter MJ0011
source https://www.exploit-db.com/download/27630/
title Plone 2.x MembershipTool Access Control Bypass Vulnerability
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_B6C189565FA311DBAD2D0016179B2DD5.NASL
    description The Plone Team reports: Plone 2.0.5, 2.1.2, and 2.5-beta1 do not restrict access to the changeMemberPortrait, deletePersonalPortrait, and testCurrentPassword methods, which allows remote attackers to modify portraits.
    last seen 2018-12-20
    modified 2018-12-19
    plugin id 22889
    published 2006-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22889
    title FreeBSD : plone -- unprotected MembershipTool methods (b6c18956-5fa3-11db-ad2d-0016179b2dd5)
  • NASL family CGI abuses
    NASL id PLONE_MEMBERSHIPTOOL_ACCESS_CONTROL_BYPASS.NASL
    description The remote host is running Plone, an open source content management system written in Python. The version of Plone installed on the remote host does not limit access to the 'changeMemberPortrait' and 'deletePersonalPortrait' MembershipTool methods. An unauthenticated attacker can leverage this issue to delete member portraits or add / update portraits with malicious content.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 21219
    published 2006-04-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21219
    title Plone Unprotected MembershipTool Methods Arbitrary Portrait Manipulation
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_22C6B826CEE011DA857800123FFE8333.NASL
    description Secunia reports: The vulnerability is caused due to missing security declarations in 'changeMemberPortrait' and 'deletePersonalPortrait'. This can be exploited to manipulate or delete another user's portrait via the 'member_id' parameter.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 21398
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21398
    title FreeBSD : plone -- 'member_id' Parameter Portrait Manipulation Vulnerability (22c6b826-cee0-11da-8578-00123ffe8333)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1032.NASL
    description It was discovered that the Plone content management system lacks security declarations for three internal classes. This allows manipulation of user portraits by unprivileged users.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 22574
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22574
    title Debian DSA-1032-1 : zope-cmfplone - programming error
refmap via4
bid 17484
confirm https://svn.plone.org/svn/plone/PloneHotfix20060410/trunk/README.txt
debian DSA-1032
misc http://dev.plone.org/plone/ticket/5432
secunia
  • 19633
  • 19640
vupen ADV-2006-1340
xf plone-memberid-data-manipulation(25781)
Last major update 07-03-2011 - 21:33
Published 11-04-2006 - 14:06
Last modified 19-07-2017 - 21:30