CVE-2006-1711

Name of the Vulnerable Software and Affected Versions: Plone versions 2.0.5, 2.1.2, and 2.5-beta1

Description: The issue allows remote attackers to modify portraits due to a lack of access restriction to certain methods. Specifically, the methods changeMemberPortrait, deletePersonalPortrait, and testCurrentPassword are vulnerable. This can lead to a breach of protected information integrity. The exploitation of these vulnerabilities can be done remotely.

Recommendations: For Plone version 2.0.5, restrict access to the changeMemberPortrait, deletePersonalPortrait, and testCurrentPassword methods. For Plone version 2.1.2, restrict access to the changeMemberPortrait, deletePersonalPortrait, and testCurrentPassword methods. For Plone version 2.5-beta1, restrict access to the changeMemberPortrait, deletePersonalPortrait, and testCurrentPassword methods.