FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

plone -- "member_id" Parameter Portrait Manipulation Vulnerability

Affected packages
plone < 2.1.2_1

Details

VuXML ID 22c6b826-cee0-11da-8578-00123ffe8333
Discovery 2006-04-13
Entry 2006-04-18

Secunia reports:

The vulnerability is caused due to missing security declarations in "changeMemberPortrait" and "deletePersonalPortrait". This can be exploited to manipulate or delete another user's portrait via the "member_id" parameter.
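The missing access check described in the advisory, and the check that closes it, shown as an added example (a simplified model, not Plone's, Zope's or Secunia's code). The method names and the "member_id" parameter come from the advisory; the `caller` argument, the `User` class, the `MANAGE_USERS` permission and `run_check` are assumptions made for this sketch.

```python
# Simplified model of the bug class; not Plone or Zope code.
class Unauthorized(Exception):
    pass

MANAGE_USERS = "Manage users"  # assumed permission name for this model

class User:
    def __init__(self, member_id, permissions=()):
        self.member_id = member_id
        self.permissions = frozenset(permissions)

class VulnerableMembership:
    """No access check: any caller may pass any member_id."""
    def __init__(self):
        self.portraits = {}

    def changeMemberPortrait(self, caller, portrait, member_id=None):
        self.portraits[member_id or caller.member_id] = portrait

    def deletePersonalPortrait(self, caller, member_id=None):
        self.portraits.pop(member_id or caller.member_id, None)

class HardenedMembership(VulnerableMembership):
    """Same API, but member_id is honoured only for the owner or a manager."""
    def _authorize(self, caller, member_id):
        target = member_id or caller.member_id
        if target != caller.member_id and MANAGE_USERS not in caller.permissions:
            raise Unauthorized(f"{caller.member_id} may not modify {target}")
        return target

    def changeMemberPortrait(self, caller, portrait, member_id=None):
        self.portraits[self._authorize(caller, member_id)] = portrait

    def deletePersonalPortrait(self, caller, member_id=None):
        self.portraits.pop(self._authorize(caller, member_id), None)

def run_check(tool):
    """Regression check: True if one member can alter another's portrait."""
    alice, bob = User("alice"), User("bob")  # constructed sample accounts
    tool.changeMemberPortrait(alice, b"alice.png")
    try:
        tool.changeMemberPortrait(bob, b"bob.png", member_id="alice")
        tool.deletePersonalPortrait(bob, member_id="alice")
    except Unauthorized:
        pass
    return tool.portraits.get("alice") != b"alice.png"
```

`run_check` returns `True` for the unchecked class and `False` for the hardened one, so it can serve as a regression test after upgrading.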

References

CVE Name CVE-2006-1711
URL http://dev.plone.org/plone/ticket/5432
URL http://secunia.com/advisories/19633/
URL http://www.debian.org/security/2006/dsa-1032