The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: certcc
Published: 2012-11-15T11:00:00
Updated: 2024-08-06T20:50:18.236Z
Reserved: 2012-09-17T00:00:00
Link: CVE-2012-4954
Vulnrichment
No data.
NVD
Status : Modified
Published: 2012-11-15T11:58:40.103
Modified: 2020-06-04T13:16:32.160
Link: CVE-2012-4954
Redhat
No data.