Moderate severityNVD Advisory· Published Apr 11, 2006· Updated Apr 16, 2026
CVE-2006-1711
CVE-2006-1711
Description
Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
plonePyPI | < 2.0.6 | 2.0.6 |
plonePyPI | >= 2.1.0, <= 2.1.2 | — |
Affected products
3cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:2.5_beta1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- github.com/advisories/GHSA-jcwh-rj6j-vm75ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2006-1711ghsaADVISORY
- www.debian.org/security/2006/dsa-1032nvdWEB
- exchange.xforce.ibmcloud.com/vulnerabilities/25781nvdWEB
- web.archive.org/web/20060412111111/https://dev.plone.org/plone/ticket/5432ghsaWEB
- web.archive.org/web/20060422195724/http://www.securityfocus.com/bid/17484ghsaWEB
- dev.plone.org/plone/ticket/5432nvd
- secunia.com/advisories/19633nvd
- secunia.com/advisories/19640nvd
- www.securityfocus.com/bid/17484nvd
- www.vupen.com/english/advisories/2006/1340nvd
- svn.plone.org/svn/plone/PloneHotfix20060410/trunk/README.txtnvd
News mentions
0No linked articles in our index yet.