CVE-2006-1711

CVE-2006-1711 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.

Learn more about our Web Application Penetration Testing UK.