Back to search
CVE-2012-4954
Published: Nov 15, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
56483
vdb-entry
x_refsource_BID
vanilla-forums-parameter-sec-bypass(80000)
vdb-entry
x_refsource_XF
VU#611988
third-party-advisory
x_refsource_CERT-VN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now