Moderate severity · NVD Advisory · Published Apr 11, 2006 · Updated Jun 16, 2026
CVE-2006-1711
Description
Plone 2.0.5, 2.1.2, and 2.5-beta1 do not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| plone (PyPI) | < 2.0.6 | 2.0.6 |
| plone (PyPI) | >= 2.1.0, <= 2.1.2 | — |
Affected products
- cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:2.5_beta1:*:*:*:*:*:*:*
References
- github.com/advisories/GHSA-jcwh-rj6j-vm75 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2006-1711 (ghsa, ADVISORY)
- www.debian.org/security/2006/dsa-1032 (nvd, WEB)
- exchange.xforce.ibmcloud.com/vulnerabilities/25781 (nvd, WEB)
- web.archive.org/web/20060412111111/https://dev.plone.org/plone/ticket/5432 (ghsa, WEB)
- web.archive.org/web/20060422195724/http://www.securityfocus.com/bid/17484 (ghsa, WEB)
- dev.plone.org/plone/ticket/5432 (nvd)
- secunia.com/advisories/19633 (nvd)
- secunia.com/advisories/19640 (nvd)
- www.securityfocus.com/bid/17484 (nvd)
- www.vupen.com/english/advisories/2006/1340 (nvd)
- svn.plone.org/svn/plone/PloneHotfix20060410/trunk/README.txt (nvd)