CVE-2012-5454 - Vulnerability Details - OpenCVE

user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not properly restrict access, which allows remote authenticated users to modify arbitrary user passwords via a crafted request. NOTE: this might be due to an incomplete fix for CVE-2012-5168.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Atutor	Acontent

Configuration 1 [-]

cpe:2.3:a:atutor:acontent:1.2:1:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/86428
http://secunia.com/advisories/51034
http://www.securityfocus.com/bid/56237
https://www.htbridge.com/advisory/HTB23117

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-10-22T23:00:00

Updated: 2024-08-06T21:05:47.236Z

Reserved: 2012-10-22T00:00:00

Link: CVE-2012-5454

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-10-22T23:55:10.243

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-5454

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-10-18T00:00:00", "descriptions": [{"lang": "en", "value": "user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not properly restrict access, which allows remote authenticated users to modify arbitrary user passwords via a crafted request. NOTE: this might be due to an incomplete fix for CVE-2012-5168."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-04-11T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "86428", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/86428"}, {"name": "56237", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/56237"}, {"name": "51034", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51034"}, {"tags": ["x_refsource_MISC"], "url": "https://www.htbridge.com/advisory/HTB23117"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5454", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not properly restrict access, which allows remote authenticated users to modify arbitrary user passwords via a crafted request. NOTE: this might be due to an incomplete fix for CVE-2012-5168."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "86428", "refsource": "OSVDB", "url": "http://osvdb.org/86428"}, {"name": "56237", "refsource": "BID", "url": "http://www.securityfocus.com/bid/56237"}, {"name": "51034", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51034"}, {"name": "https://www.htbridge.com/advisory/HTB23117", "refsource": "MISC", "url": "https://www.htbridge.com/advisory/HTB23117"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:05:47.236Z"}, "title": "CVE Program Container", "references": [{"name": "86428", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/86428"}, {"name": "56237", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/56237"}, {"name": "51034", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/51034"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.htbridge.com/advisory/HTB23117"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-5454", "datePublished": "2012-10-22T23:00:00", "dateReserved": "2012-10-22T00:00:00", "dateUpdated": "2024-08-06T21:05:47.236Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atutor:acontent:1.2:1:*:*:*:*:*:*", "matchCriteriaId": "A00C7E58-2600-4311-8B7B-793EB50C44D7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not properly restrict access, which allows remote authenticated users to modify arbitrary user passwords via a crafted request. NOTE: this might be due to an incomplete fix for CVE-2012-5168."}, {"lang": "es", "value": "user/index_inline_editor_submit.php en ATutor AContent v1.2-1 no restringe de forma adecuada el acceso, lo que permite a usuarios remotos autenticados, lo que permite a usuarios remotos autenticados a modificar contrase\u00f1as de usuarios a trav\u00e9s de una petici\u00f3n manipulada. NOTE: esto podr\u00eda haber sido debido a una soluci\u00f3n incompleta de CVE-2012-5168."}], "id": "CVE-2012-5454", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-10-22T23:55:10.243", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/86428"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/51034"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/56237"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://www.htbridge.com/advisory/HTB23117"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/86428"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/51034"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/56237"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://www.htbridge.com/advisory/HTB23117"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}