Family: CGI abuses --> Category: destructive_attack
Plone Unprotected MembershipTool Methods Vulnerability Scan
Vulnerability Scan Summary
Tries to change member portraits through unprotected Plone MembershipTool methods
Detailed Explanation for this Vulnerability Test
The remote web server contains a Python application that is affected
by an access control failure.
The remote host is running Plone, an open-source content management system
written in Python.
The version of Plone installed on the remote host does not limit
access to the 'changeMemberPortrait' and 'deletePersonalPortrait'
MembershipTool methods. An unauthenticated attacker can leverage this
issue to delete member portraits or add / update portraits with
See also :
Either install Hotfix 2006-04-10 1.0 or upgrade to Plone version 2.0.6
/ 2.1.3 / 2.5-beta2 when they become available.
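A non-destructive way to confirm the exposure before applying the hotfix, written here as an added example rather than the scanner plugin's own logic: request the two MembershipTool methods with no credentials and classify the response. It assumes the tool is published at the standard Plone id `portal_membership` (not stated on this page), and that Zope answers an anonymous call to a protected method with a 401 or a redirect to the login form; the URL `http://plone.example/` and the `fetch` hook are illustrative.

```python
"""Check whether Plone MembershipTool portrait methods answer anonymous
requests.  Added example; not code from the scanner plugin or from Plone.
Assumes the tool lives at <site>/portal_membership (standard Plone id)."""
import urllib.error
import urllib.request
from urllib.parse import urljoin

# Methods named in the advisory; the tool path is an assumption.
METHODS = ("changeMemberPortrait", "deletePersonalPortrait")
TOOL_PATH = "portal_membership/"


def http_fetch(url):
    """GET the URL with no credentials and without following redirects.
    Returns (status, Location header) or (None, "") if unreachable."""

    class NoRedirect(urllib.request.HTTPRedirectHandler):
        # Returning None makes urllib raise HTTPError for 3xx instead of following it.
        def redirect_request(self, *args, **kwargs):
            return None

    opener = urllib.request.build_opener(NoRedirect)
    req = urllib.request.Request(url, headers={"User-Agent": "membershiptool-check"})
    try:
        with opener.open(req, timeout=10) as resp:
            return resp.getcode(), resp.headers.get("Location", "")
    except urllib.error.HTTPError as err:
        location = err.headers.get("Location", "") if err.headers else ""
        return err.code, location
    except urllib.error.URLError:
        return None, ""


def classify(status, location):
    """Map a response to what it says about the permission check.

    Zope validates the caller's permission during traversal, before the
    method body runs, so anything other than an auth challenge, a login
    redirect or a 404 means the anonymous request reached the method."""
    if status is None:
        return "unreachable"
    if status == 404:
        return "absent"
    if status == 401:
        return "protected"
    if status in (301, 302, 303, 307) and "login" in location.lower():
        return "protected"  # Plone's cookie login redirect
    return "reachable"  # 200, 400 or 500 from the method itself


def check_site(base_url, fetch=http_fetch):
    """Probe both methods; returns {method: classification}."""
    if not base_url.endswith("/"):
        base_url += "/"  # keep the site path when joining
    results = {}
    for method in METHODS:
        status, location = fetch(urljoin(base_url, TOOL_PATH + method))
        results[method] = classify(status, location)
    return results


def is_vulnerable(results):
    """True if any portrait method accepted an unauthenticated request."""
    return any(v == "reachable" for v in results.values())


if __name__ == "__main__":
    import sys
    findings = check_site(sys.argv[1] if len(sys.argv) > 1 else "http://plone.example/")
    for method, verdict in findings.items():
        print(f"{method}: {verdict}")
    print("VULNERABLE" if is_vulnerable(findings) else "not exposed")
```

The request carries no portrait data, so on a patched site it is answered by the permission check and on an unpatched site it fails inside the method for lack of arguments; a 500 from the method is still counted as "reachable" because the permission check had already passed. A 500 caused by an unrelated server fault would be misclassified the same way, so confirm a positive by hand before reporting it.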
Low / CVSS Base Score : 2.3