CVE-2006-1711 : Detail

CVE-2006-1711

14.57%V3
Network
2006-04-11
16h00 +00:00
2017-07-19
13h57 +00:00
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.

CVE Informations

Metrics

Metrics Score Severity CVSS Vector Source
V2 5 AV:N/AC:L/Au:N/C:N/I:P/A:N nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Exploit information

Exploit Database EDB-ID : 27630

Publication date : 2006-04-11 22h00 +00:00
Author : MJ0011
EDB Verified : Yes

source: https://www.securityfocus.com/bid/17484/info Plone is susceptible to a remote access-control bypass vulnerability. This issue is due to the application's failure to properly enforce privileges to various MembershipTool methods. This issue allows remote, anonymous attackers to modify and delete portrait images of members. This may help attackers exploit latent vulnerabilities in image-rendering software. Other attacks may also be possible. curl -F portrait=<path_to_file> --form-string member_id=[username] http://www.example.com/portal_membership/changeMemberPortrait

Products Mentioned

Configuraton 0

Plone>>Plone >> Version 2.0.5

Plone>>Plone >> Version 2.1.2

Plone>>Plone >> Version 2.5_beta1

    References

    http://secunia.com/advisories/19633
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/bid/17484
    Tags : vdb-entry, x_refsource_BID
    http://www.debian.org/security/2006/dsa-1032
    Tags : vendor-advisory, x_refsource_DEBIAN
    http://secunia.com/advisories/19640
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2006/1340
    Tags : vdb-entry, x_refsource_VUPEN