Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5168

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2012-5168
Last Modified 10 Apr 2013 11:31:35
Published 22 Oct 2012 07:55:10
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-5168

Summary

ATutor AContent before 1.2-1 allows remote attackers to modify arbitrary user passwords or category names via a direct request to (1) user/index_inline_editor_submit.php or (2) course_category/index_inline_editor_submit.php.

Vulnerable Systems

Application

  • Atutor Acontent 1.2


References

MISC - https://www.htbridge.com/advisory/HTB23117

XF - acontent-indexinlineeditorsubmit-sec-bypass(79462)

XF - acontent-pwd-field-security-bypass(79461)

BID - 56100

CONFIRM - http://update.atutor.ca/acontent/patch/1_2/

SECUNIA - 51034

SECUNIA - 51014

BUGTRAQ - 20121017 Multiple vulnerabilities in AContent

OSVDB - 86428


Last Updated: 27 May 2016 10:49:43