CVE-2006-1711

CVE Database · CVE-2006-1711

CVE-2006-1711

· N/AModified

CVSS v3.1

N/A

EPSS

3.89%

Published

Apr 11, 2006

Modified

Apr 15, 2026

Public PoC / Exploit (1)

All weaponized →

Exploit-DBPlone 2.x - MembershipTool Access Control Bypass

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.

Affected Products (3)

plone · plonevulnerable

References (16)

http://dev.plone.org/plone/ticket/5432

http://secunia.com/advisories/19633

http://secunia.com/advisories/19640

http://www.debian.org/security/2006/dsa-1032

http://www.securityfocus.com/bid/17484

http://www.vupen.com/english/advisories/2006/1340

https://exchange.xforce.ibmcloud.com/vulnerabilities/25781

https://svn.plone.org/svn/plone/PloneHotfix20060410/trunk/README.txt

http://dev.plone.org/plone/ticket/5432

http://secunia.com/advisories/19633

http://secunia.com/advisories/19640

http://www.debian.org/security/2006/dsa-1032

KEV Catalog EPSS Scores Vendors All CVEs