mail_password.py in Plone 2.1 up to and including 4.1, 4.2.x up to and including 4.2.5, and 4.3.x up to and including 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
plone plone 3.0.4 |
||
plone plone 3.0.5 |
||
plone plone 3.0.6 |
||
plone plone 3.1 |
||
plone plone 3.3.2 |
||
plone plone 3.3.3 |
||
plone plone 3.3.4 |
||
plone plone 3.3.5 |
||
plone plone 4.0.4 |
||
plone plone 4.0.5 |
||
plone plone 4.0.6.1 |
||
plone plone 4.1 |
||
plone plone 3.1.6 |
||
plone plone 3.1.7 |
||
plone plone 3.2 |
||
plone plone 3.2.1 |
||
plone plone 2.5.4 |
||
plone plone 2.5.5 |
||
plone plone 2.1 |
||
plone plone 2.1.1 |
||
plone plone 4.0 |
||
plone plone 4.0.2 |
||
plone plone 3.0.1 |
||
plone plone 3.0.3 |
||
plone plone 3.1.1 |
||
plone plone 3.1.3 |
||
plone plone 3.1.5.1 |
||
plone plone 3.2.2 |
||
plone plone 3.3 |
||
plone plone 2.5.1 |
||
plone plone 2.5.3 |
||
plone plone 2.1.2 |
||
plone plone 2.1.4 |
||
plone plone 4.0.1 |
||
plone plone 4.0.3 |
||
plone plone 3.0 |
||
plone plone 3.0.2 |
||
plone plone 3.1.2 |
||
plone plone 3.1.4 |
||
plone plone 3.2.3 |
||
plone plone 3.3.1 |
||
plone plone 2.5 |
||
plone plone 2.5.2 |
||
plone plone 2.1.3 |
||
plone plone 4.3.1 |
||
plone plone 4.3 |
||
plone plone 4.2 |
||
plone plone 4.2.1 |
||
plone plone 4.2.2 |
||
plone plone 4.2.4 |
||
plone plone 4.2.3 |
||
plone plone 4.2.5 |
Vulmon