header-logo
Suggest Exploit
vendor:
Plone
by:
SecurityFocus
7.5
CVSS
HIGH
Access-Control Bypass
284
CWE
Product Name: Plone
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

Plone Remote Access-Control Bypass Vulnerability

Plone is susceptible to a remote access-control bypass vulnerability. This issue is due to the application's failure to properly enforce privileges to various MembershipTool methods. This issue allows remote, anonymous attackers to modify and delete portrait images of members. This may help attackers exploit latent vulnerabilities in image-rendering software. Other attacks may also be possible.

Mitigation:

Ensure that access control policies are properly enforced.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/17484/info

Plone is susceptible to a remote access-control bypass vulnerability. This issue is due to the application's failure to properly enforce privileges to various MembershipTool methods.

This issue allows remote, anonymous attackers to modify and delete portrait images of members. This may help attackers exploit latent vulnerabilities in image-rendering software. Other attacks may also be possible.

curl -F portrait=<path_to_file> --form-string member_id=[username] http://www.example.com/portal_membership/changeMemberPortrait

Navigation

Suggest Exploit

Services By CQR