7.5
CVSSv2

CVE-2012-5168

Published: 22/10/2012 Updated: 29/08/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

ATutor AContent prior to 1.2-1 allows remote malicious users to modify arbitrary user passwords or category names via a direct request to (1) user/index_inline_editor_submit.php or (2) course_category/index_inline_editor_submit.php.

Affected Products

Vendor Product Versions
AtutorAcontent1.2

Mailing Lists

ATutor AContent versions 12 and below suffer from improper authentication, cross site scripting, and remote SQL injection vulnerabilities ...