NVD

Id
46592  
Name
CVE-2012-5454  
Description
user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not properly restrict access, which allows remote authenticated users to modify arbitrary user passwords via a crafted request. NOTE: this might be due to an incomplete fix for CVE-2012-5168.  
Reject
 
CVSS Version
2  
CVSS Score
6.5  
Severity
Medium  
CVSS Base Score
6.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2012-10-22  
Modified Date
2013-04-10  
Seq
2012-5454  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
233337 46592 CVE-2012-5454 56237  View
233338 46592 CVE-2012-5454 https://www.htbridge.com/advisory/HTB23117  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
29401 JVNDB-2012-005108 ATutor AContent の user/index_inline_editor_submit.php における任意のユーザパスワードを変更される脆弱性 ATutor AContent の user/index_inline_editor_submit.php は、アクセスを適切に制限しないため、任意のユーザパスワードを変更される脆弱性が存在します。 CVE-2012-5454 58692 CVE-2012-5454 46592 6.5 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005108.html 2012-10-22 2012-10-24 View