CVE-2012-4954
published 2012-11-15CVE-2012-4954: The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value…
PriorityP414low3.5CVSS 2.0
AVNACMAuSCNIPAN
EPSS
1.07%
60.6th percentile
The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue.
Affected
34 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vanillaforums | vanilla | <= 2.0.18.4 | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
2012-11-15
Published