cbcvebase.
CVE-2012-4954
published 2012-11-15

CVE-2012-4954: The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value…

PriorityP414low3.5CVSS 2.0
AVNACMAuSCNIPAN
EPSS
1.07%
60.6th percentile
The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue.

Affected

34 ranges· showing 25
VendorProductVersion rangeFixed in
vanillaforumsvanilla<= 2.0.18.4
vanillaforumsvanilla
vanillaforumsvanilla
vanillaforumsvanilla
vanillaforumsvanilla
vanillaforumsvanilla
vanillaforumsvanilla
vanillaforumsvanilla
vanillaforumsvanilla
vanillaforumsvanilla
vanillaforumsvanilla
vanillaforumsvanilla
vanillaforumsvanilla
vanillaforumsvanilla
vanillaforumsvanilla
vanillaforumsvanilla
vanillaforumsvanilla
vanillaforumsvanilla
vanillaforumsvanilla
vanillaforumsvanilla
vanillaforumsvanilla
vanillaforumsvanilla
vanillaforumsvanilla
vanillaforumsvanilla
vanillaforumsvanilla
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.