VYPR
Moderate severityNVD Advisory· Published Apr 11, 2006· Updated Jun 16, 2026

CVE-2006-1711

CVE-2006-1711

Description

Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
plonePyPI
< 2.0.62.0.6
plonePyPI
>= 2.1.0, <= 2.1.2

Affected products

4
  • cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:2.5_beta1:*:*:*:*:*:*:*
  • ghsa-coords
    Range: < 2.0.6

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.