plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Plone | Plone | 4.0 (including) | 4.0 (including) |
Plone | Plone | 4.1 (including) | 4.1 (including) |
Zope-cmfplone | Ubuntu | hardy | * |