CVE-2013-4197

Plone 2.1-4.1, 4.2.x-4.2.5, 4.3.x-4.3.1 - Authenticated Arbitrary Portrait Modification

Title source: llm
STIX 2.1

Description

member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors.

References (4)

Core 4
Core References
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2013/q3/261
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=978478

Scores

EPSS 0.0126
EPSS Percentile 66.0%

Details

CWE
CWE-20
Status published
Products (50)
plone/plone 4.2
plone/plone 4.2.1
plone/plone 4.2.2
plone/plone 4.2.3
plone/plone 4.2.4
plone/plone 4.2.5
plone/plone 4.3
plone/plone 4.3.1
plone/plone 2.1
plone/plone 2.1.1
... and 40 more
Published Mar 11, 2014
Tracked Since Feb 18, 2026