CVE-2013-4197

member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors.

Published: Mar 11, 2014
Updated: Apr 13, 2023
CVE: CVE-2013-4197
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.5
AV:N/AC:L/Au:S/C:N/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
plone / plone	4.2.3	4.2.3.x
plone / plone	4.2.2	4.2.2.x
plone / plone	4.2.5	4.2.5.x
plone / plone	4.2.4	4.2.4.x
plone / plone	4.2	4.2.x
plone / plone	4.2.1	4.2.1.x
plone / plone	4.3	4.3.x
plone / plone	4.3.1	4.3.1.x
plone / plone	3.3	3.3.x
plone / plone	4.0.5	4.0.5.x
plone / plone	3.0.1	3.0.1.x
plone / plone	3.0	3.0.x
plone / plone	3.2.3	3.2.3.x
plone / plone	3.1.4	3.1.4.x
plone / plone	3.1.5.1	3.1.5.1.x
plone / plone	2.1.4	2.1.4.x
plone / plone	4.0.2	4.0.2.x
plone / plone	3.3.5	3.3.5.x
plone / plone	3.0.6	3.0.6.x
plone / plone	2.5.4	2.5.4.x
plone / plone	3.2	3.2.x
plone / plone	3.1.1	3.1.1.x
plone / plone	2.1.1	2.1.1.x
plone / plone	3.3.4	3.3.4.x
plone / plone	3.3.2	3.3.2.x
plone / plone	4.0.4	4.0.4.x
plone / plone	3.1.7	3.1.7.x
plone / plone	2.5.1	2.5.1.x
plone / plone	4.1	4.1.x
plone / plone	2.5.3	2.5.3.x
plone / plone	3.2.2	3.2.2.x
plone / plone	2.1.2	2.1.2.x
plone / plone	3.0.3	3.0.3.x
plone / plone	3.3.1	3.3.1.x
plone / plone	3.0.4	3.0.4.x
plone / plone	3.1.2	3.1.2.x
plone / plone	3.2.1	3.2.1.x
plone / plone	4.0	4.0.x
plone / plone	3.0.5	3.0.5.x
plone / plone	4.0.6.1	4.0.6.1.x
plone / plone	2.5	2.5.x
plone / plone	2.5.2	2.5.2.x
plone / plone	4.0.1	4.0.1.x
plone / plone	3.0.2	3.0.2.x
plone / plone	2.1	2.1.x
plone / plone	3.1	3.1.x
plone / plone	3.3.3	3.3.3.x
plone / plone	2.1.3	2.1.3.x
plone / plone	3.1.6	3.1.6.x
plone / plone	3.1.3	3.1.3.x
plone / plone	4.0.3	4.0.3.x
plone / plone	2.5.5	2.5.5.x

Vulnerability Database

289,784

CVE-2013-4197