Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5454

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2012-5454
Last Modified 10 Apr 2013 11:31:51
Published 22 Oct 2012 07:55:10
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-5454

Summary

user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not properly restrict access, which allows remote authenticated users to modify arbitrary user passwords via a crafted request. NOTE: this might be due to an incomplete fix for CVE-2012-5168.

Vulnerable Systems

Application

  • Atutor Acontent 1.2


References

MISC - https://www.htbridge.com/advisory/HTB23117

SECUNIA - 51034

BID - 56237

OSVDB - 86428


Last Updated: 27 May 2016 10:51:46