CVE-2012-4954

EUVD-2012-4879
The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
Affected Products (NVD)
VendorProductVersion
vanillaforumsvanilla
𝑥
≤ 2.0.18.4
vanillaforumsvanilla
2.0.0
vanillaforumsvanilla
2.0.1
vanillaforumsvanilla
2.0.2
vanillaforumsvanilla
2.0.3
vanillaforumsvanilla
2.0.4
vanillaforumsvanilla
2.0.5
vanillaforumsvanilla
2.0.6
vanillaforumsvanilla
2.0.7
vanillaforumsvanilla
2.0.8
vanillaforumsvanilla
2.0.9
vanillaforumsvanilla
2.0.10
vanillaforumsvanilla
2.0.11
vanillaforumsvanilla
2.0.12
vanillaforumsvanilla
2.0.13
vanillaforumsvanilla
2.0.14
vanillaforumsvanilla
2.0.15
vanillaforumsvanilla
2.0.16
vanillaforumsvanilla
2.0.16.1
vanillaforumsvanilla
2.0.17
vanillaforumsvanilla
2.0.17.1
vanillaforumsvanilla
2.0.17.2
vanillaforumsvanilla
2.0.17.3
vanillaforumsvanilla
2.0.17.4
vanillaforumsvanilla
2.0.17.5
vanillaforumsvanilla
2.0.17.6
vanillaforumsvanilla
2.0.17.7
vanillaforumsvanilla
2.0.17.8
vanillaforumsvanilla
2.0.17.9
vanillaforumsvanilla
2.0.17.10
vanillaforumsvanilla
2.0.18
vanillaforumsvanilla
2.0.18:alpha3
vanillaforumsvanilla
2.0.18:beta1
vanillaforumsvanilla
2.0.18:beta2
vanillaforumsvanilla
2.0.18:beta4
vanillaforumsvanilla
2.0.18:rc1
vanillaforumsvanilla
2.0.18:rc2
vanillaforumsvanilla
2.0.18:rc3
vanillaforumsvanilla
2.0.18.1
vanillaforumsvanilla
2.0.18.3
vanillaforumsvanilla_forums
𝑥
≤ 2.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.kb.cert.org/vuls/id/611988
http://www.securityfocus.com/bid/56483
https://exchange.xforce.ibmcloud.com/vulnerabilities/80000
http://www.kb.cert.org/vuls/id/611988
http://www.securityfocus.com/bid/56483
https://exchange.xforce.ibmcloud.com/vulnerabilities/80000