7 lines
No EOL
587 B
Text
7 lines
No EOL
587 B
Text
source: http://www.securityfocus.com/bid/17484/info
|
|
|
|
Plone is susceptible to a remote access-control bypass vulnerability. This issue is due to the application's failure to properly enforce privileges to various MembershipTool methods.
|
|
|
|
This issue allows remote, anonymous attackers to modify and delete portrait images of members. This may help attackers exploit latent vulnerabilities in image-rendering software. Other attacks may also be possible.
|
|
|
|
curl -F portrait=<path_to_file> --form-string member_id=[username] http://www.example.com/portal_membership/changeMemberPortrait |