Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4954

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2012-4954
Last Modified 25 Feb 2013 11:51:03
Published 15 Nov 2012 06:58:40
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2012-4954

Summary

The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue.

Vulnerable Systems

Application

  • Vanillaforums Vanilla Forums 2.0

  • Vanillaforums Vanilla Forums 2.0.1

  • Vanillaforums Vanilla Forums 2.0.10

  • Vanillaforums Vanilla Forums 2.0.11

  • Vanillaforums Vanilla Forums 2.0.12

  • Vanillaforums Vanilla Forums 2.0.13

  • Vanillaforums Vanilla Forums 2.0.14

  • Vanillaforums Vanilla Forums 2.0.15

  • Vanillaforums Vanilla Forums 2.0.16

  • Vanillaforums Vanilla Forums 2.0.16.1

  • Vanillaforums Vanilla Forums 2.0.17

  • Vanillaforums Vanilla Forums 2.0.17.1

  • Vanillaforums Vanilla Forums 2.0.17.10

  • Vanillaforums Vanilla Forums 2.0.17.2

  • Vanillaforums Vanilla Forums 2.0.17.3

  • Vanillaforums Vanilla Forums 2.0.17.4

  • Vanillaforums Vanilla Forums 2.0.17.5

  • Vanillaforums Vanilla Forums 2.0.17.6

  • Vanillaforums Vanilla Forums 2.0.17.7

  • Vanillaforums Vanilla Forums 2.0.17.8

  • Vanillaforums Vanilla Forums 2.0.17.9

  • Vanillaforums Vanilla Forums 2.0.18

  • Vanillaforums Vanilla Forums 2.0.18.1

  • Vanillaforums Vanilla Forums 2.0.18.3

  • Vanillaforums Vanilla Forums 2.0.18.4

  • Vanillaforums Vanilla Forums 2.0.2

  • Vanillaforums Vanilla Forums 2.0.3

  • Vanillaforums Vanilla Forums 2.0.4

  • Vanillaforums Vanilla Forums 2.0.5

  • Vanillaforums Vanilla Forums 2.0.6

  • Vanillaforums Vanilla Forums 2.0.7

  • Vanillaforums Vanilla Forums 2.0.8

  • Vanillaforums Vanilla Forums 2.0.9

  • Vanillaforums Vanilla Forums 2.1


References

CERT-VN - VU#611988

XF - vanilla-forums-parameter-sec-bypass(80000)

BID - 56483


Last Updated: 27 May 2016 11:01:56