FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

plone -- unprotected MembershipTool methods

Affected packages
plone < 2.1.2

Details

VuXML ID b6c18956-5fa3-11db-ad2d-0016179b2dd5
Discovery 2006-10-19
Entry 2006-10-19
Modified 2006-10-20

The Plone Team reports:

Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the:

methods, which allows remote attackers to modify portraits.

References

CVE Name CVE-2006-1711
URL http://plone.org/products/plone/releases/2.1.4
URL https://svn.plone.org/svn/plone/PloneHotfix20060410/trunk/README.txt