user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not properly restrict access, which allows remote authenticated users to modify arbitrary user passwords via a crafted request. NOTE: this might be due to an incomplete fix for CVE-2012-5168.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
atutor acontent 1.2 |