CVE-2012-4954

Опубликовано: 15 нояб. 2012

Источник: nvd

CVSS2: 3.5

EPSS Низкий

Описание

The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue.

Ссылки

http://www.kb.cert.org/vuls/id/611988
US Government Resource
http://www.securityfocus.com/bid/56483
https://exchange.xforce.ibmcloud.com/vulnerabilities/80000
http://www.kb.cert.org/vuls/id/611988
US Government Resource
http://www.securityfocus.com/bid/56483
https://exchange.xforce.ibmcloud.com/vulnerabilities/80000

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vanillaforums:vanilla:*:*:*:*:*:*:*:*

Версия до 2.0.18.4 (включая)

cpe:2.3:a:vanillaforums:vanilla:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.5:*:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.6:*:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.7:*:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.8:*:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.9:*:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.10:*:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.11:*:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.12:*:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.13:*:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.14:*:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.15:*:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.16:*:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.16.1:*:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.17:*:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.17.1:*:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.17.2:*:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.17.3:*:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.17.4:*:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.17.5:*:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.17.6:*:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.17.7:*:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.17.8:*:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.17.9:*:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.17.10:*:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.18:*:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.18:alpha3:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.18:beta1:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.18:beta2:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.18:beta4:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.18:rc1:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.18:rc2:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.18:rc3:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.18.1:*:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla:2.0.18.3:*:*:*:*:*:*:*

cpe:2.3:a:vanillaforums:vanilla_forums:*:a26:*:*:*:*:*:*

Версия до 2.1 (включая)

EPSS

Процентиль: 77%

0.01022

Низкий

3.5 Low

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-3qh6-c633-q2hf

github

больше 3 лет назад