CVE-2012-4954

The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:N/I:P/A:N
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
vanillaforumsvanilla
𝑥
≤ 2.0.18.4
vanillaforumsvanilla
2.0.0
vanillaforumsvanilla
2.0.1
vanillaforumsvanilla
2.0.2
vanillaforumsvanilla
2.0.3
vanillaforumsvanilla
2.0.4
vanillaforumsvanilla
2.0.5
vanillaforumsvanilla
2.0.6
vanillaforumsvanilla
2.0.7
vanillaforumsvanilla
2.0.8
vanillaforumsvanilla
2.0.9
vanillaforumsvanilla
2.0.10
vanillaforumsvanilla
2.0.11
vanillaforumsvanilla
2.0.12
vanillaforumsvanilla
2.0.13
vanillaforumsvanilla
2.0.14
vanillaforumsvanilla
2.0.15
vanillaforumsvanilla
2.0.16
vanillaforumsvanilla
2.0.16.1
vanillaforumsvanilla
2.0.17
vanillaforumsvanilla
2.0.17.1
vanillaforumsvanilla
2.0.17.2
vanillaforumsvanilla
2.0.17.3
vanillaforumsvanilla
2.0.17.4
vanillaforumsvanilla
2.0.17.5
vanillaforumsvanilla
2.0.17.6
vanillaforumsvanilla
2.0.17.7
vanillaforumsvanilla
2.0.17.8
vanillaforumsvanilla
2.0.17.9
vanillaforumsvanilla
2.0.17.10
vanillaforumsvanilla
2.0.18
vanillaforumsvanilla
2.0.18:alpha3
vanillaforumsvanilla
2.0.18:beta1
vanillaforumsvanilla
2.0.18:beta2
vanillaforumsvanilla
2.0.18:beta4
vanillaforumsvanilla
2.0.18:rc1
vanillaforumsvanilla
2.0.18:rc2
vanillaforumsvanilla
2.0.18:rc3
vanillaforumsvanilla
2.0.18.1
vanillaforumsvanilla
2.0.18.3
vanillaforumsvanilla_forums
𝑥
≤ 2.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.kb.cert.org/vuls/id/611988
http://www.securityfocus.com/bid/56483
https://exchange.xforce.ibmcloud.com/vulnerabilities/80000
http://www.kb.cert.org/vuls/id/611988
http://www.securityfocus.com/bid/56483
https://exchange.xforce.ibmcloud.com/vulnerabilities/80000