CVE-2012-5454

2012-10-22T19:55:10
ID CVE-2012-5454
Type cve
Reporter NVD
Modified 2013-04-10T23:31:51

Description

user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not properly restrict access, which allows remote authenticated users to modify arbitrary user passwords via a crafted request. NOTE: this might be due to an incomplete fix for CVE-2012-5168.