CVE-2006-1711

Publication date 11 April 2006

Last updated 17 July 2025

Ubuntu priority

Description

Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
zope-cmfplone	7.04 feisty	Not affected
	6.10 edgy	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2006-1711

CVE-2006-1711

Description

Status

References

Other references

Access our resources on patching vulnerabilities