Vulnerabilities > CVE-2006-1711 - Unspecified vulnerability in Plone 2.0.5/2.1.2/2.5Beta1

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
plone
nessus
exploit available
NVD
Published: 2006-04-11
Updated: 2024-11-21

Summary

Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.

Vulnerable Configurations

Part Description Count
Application
Plone
3

Exploit-Db

descriptionPlone 2.x MembershipTool Access Control Bypass Vulnerability. CVE-2006-1711. Remote exploit for linux platform
idEDB-ID:27630
last seen2016-02-03
modified2006-04-12
published2006-04-12
reporterMJ0011
sourcehttps://www.exploit-db.com/download/27630/
titlePlone 2.x MembershipTool Access Control Bypass Vulnerability

Nessus

  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_22C6B826CEE011DA857800123FFE8333.NASL
    descriptionSecunia reports : The vulnerability is caused due to missing security declarations in
    last seen2020-06-01
    modified2020-06-02
    plugin id21398
    published2006-05-13
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21398
    titleFreeBSD : plone -- 'member_id' Parameter Portrait Manipulation Vulnerability (22c6b826-cee0-11da-8578-00123ffe8333)
  • NASL familyCGI abuses
    NASL idPLONE_MEMBERSHIPTOOL_ACCESS_CONTROL_BYPASS.NASL
    descriptionThe remote host is running Plone, an open source content manage system written in Python. The version of Plone installed on the remote host does not limit access to the
    last seen2020-06-01
    modified2020-06-02
    plugin id21219
    published2006-04-14
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/21219
    titlePlone Unprotected MembershipTool Methods Arbitrary Portrait Manipulation
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1032.NASL
    descriptionIt was discovered that the Plone content management system lacks security declarations for three internal classes. This allows manipulation of user portraits by unprivileged users.
    last seen2020-06-01
    modified2020-06-02
    plugin id22574
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22574
    titleDebian DSA-1032-1 : zope-cmfplone - programming error
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_B6C189565FA311DBAD2D0016179B2DD5.NASL
    descriptionThe Plone Team reports : Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the : - changeMemberPortrait - deletePersonalPortrait - testCurrentPassword methods, which allows remote attackers to modify portraits.
    last seen2020-06-01
    modified2020-06-02
    plugin id22889
    published2006-10-20
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22889
    titleFreeBSD : plone -- unprotected MembershipTool methods (b6c18956-5fa3-11db-ad2d-0016179b2dd5)

References