The edit-profile page in Vanilla Forums prior to 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
vanillaforums vanilla 2.0.17.4 |
||
vanillaforums vanilla 2.0.16 |
||
vanillaforums vanilla 2.0.15 |
||
vanillaforums vanilla 2.0.18 |
||
vanillaforums vanilla 2.0.18.1 |
||
vanillaforums vanilla 2.0.17.10 |
||
vanillaforums vanilla 2.0.7 |
||
vanillaforums vanilla 2.0.6 |
||
vanillaforums vanilla 2.0.17.5 |
||
vanillaforums vanilla 2.0.17.2 |
||
vanillaforums vanilla 2.0.14 |
||
vanillaforums vanilla 2.0.13 |
||
vanillaforums vanilla 2.0.17.9 |
||
vanillaforums vanilla 2.0.17.8 |
||
vanillaforums vanilla 2.0.5 |
||
vanillaforums vanilla 2.0.4 |
||
vanillaforums vanilla 2.0.17 |
||
vanillaforums vanilla 2.0.9 |
||
vanillaforums vanilla 2.0.10 |
||
vanillaforums vanilla |
||
vanillaforums vanilla 2.0.18.3 |
||
vanillaforums vanilla 2.0.16.1 |
||
vanillaforums vanilla 2.0.8 |
||
vanillaforums vanilla 2.0.1 |
||
vanillaforums vanilla 2.0.0 |
||
vanillaforums vanilla forums |
||
vanillaforums vanilla 2.0.17.3 |
||
vanillaforums vanilla 2.0.17.1 |
||
vanillaforums vanilla 2.0.12 |
||
vanillaforums vanilla 2.0.11 |
||
vanillaforums vanilla 2.0.17.7 |
||
vanillaforums vanilla 2.0.17.6 |
||
vanillaforums vanilla 2.0.3 |
||
vanillaforums vanilla 2.0.2 |
Vulmon