FreeBSD : plone -- 'member_id' Parameter Portrait Manipulation Vulnerability (22c6b826-cee0-11da-8578-00123ffe8333)
Medium Nessus Plugin ID 21398
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
Secunia reports:
The vulnerability is caused due to missing security declarations in 'changeMemberPortrait' and 'deletePersonalPortrait'. This can be exploited to manipulate or delete another user's portrait via the 'member_id' parameter.
Solution
Update the affected package.