1. CVE-Search
  2. CVE-2006-1711
ID CVE-2006-1711
Summary Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.
References
Vulnerable Configurations
  • cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:2.5_beta1:*:*:*:*:*:*:*
    cpe:2.3:a:plone:plone:2.5_beta1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 20-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bid 17484
confirm https://svn.plone.org/svn/plone/PloneHotfix20060410/trunk/README.txt
debian DSA-1032
misc http://dev.plone.org/plone/ticket/5432
secunia
  • 19633
  • 19640
vupen ADV-2006-1340
xf plone-memberid-data-manipulation(25781)
Last major update 20-07-2017 - 01:30
Published 11-04-2006 - 18:06
Last modified 20-07-2017 - 01:30
Back to Top