CVE-2006-1711

Plone 2.0.5, 2.1.2, 2.5-beta1 - Unauthenticated Arbitrary Portrait Modification via Unrestricted Method Access

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1711. PoCs published by MJ0011.

AI-analyzed exploit summary This exploit demonstrates an access-control bypass in Plone's MembershipTool, allowing unauthenticated attackers to modify or delete member portrait images via a crafted HTTP request. The vulnerability stems from improper privilege enforcement on the `changeMemberPortrait` method.

Description

Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.

Exploits (1)

exploitdb WORKING POC VERIFIED

by MJ0011 · textremotelinux

https://www.exploit-db.com/exploits/27630

View Code ZIP pw:eip

This exploit demonstrates an access-control bypass in Plone's MembershipTool, allowing unauthenticated attackers to modify or delete member portrait images via a crafted HTTP request. The vulnerability stems from improper privilege enforcement on the `changeMemberPortrait` method.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Plone (versions affected by CVE-2006-1711)

No auth needed

Prerequisites: Access to the target Plone instance · Knowledge of a valid member username

MITRE ATT&CK