Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: destructive_attack

Plone Unprotected MembershipTool Methods Vulnerability Vulnerability Scan

Vulnerability Scan Summary
Tries to change profiles using Plone

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a Python application that is affected
by an access control failure.

Description :

The remote host is running Plone, an open-source content manage system
written in Python.

The version of Plone installed on the remote host does not limit
access to the 'changeMemberPortrait' and 'deletePersonalPortrait'
MembershipTool methods. An unauthenticated attacker can leverage this
issue to delete member portraits or add / update portraits with
malicious content.

See also :

Solution :

Either install Hotfix 2006-04-10 1.0 or upgrade to Plone version 2.0.6
/ 2.1.3 / 2.5-beta2 when they become available.

Threat Level:

Low / CVSS Base Score : 2.3

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.