CVE-2006-1711
published 2006-04-11

CVE-2006-1711: Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods…

Priority: P3 (34)
CVSS 2.0: 5 (medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 3.89% (88.9th percentile)
Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.

Affected

5 ranges
Vendor  Product  Version range    Fixed in
plone   plone
plone   plone
plone   plone
plone   plone    >= 0 < 2.0.6     2.0.6
plone   plone    2.1.0 – 2.1.2