Lucene search

PRIOn knowledge basePRION:CVE-2012-5168

HistoryOct 22, 2012 - 11:55 p.m.

Design/Logic Flaw

2012-10-2223:55:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.033 Low

EPSS

Percentile

91.1%

JSON

ATutor AContent before 1.2-1 allows remote attackers to modify arbitrary user passwords or category names via a direct request to (1) user/index_inline_editor_submit.php or (2) course_category/index_inline_editor_submit.php.

CPENameOperatorVersion
acontentle1.2

CPE	Name	Operator	Version
	acontent	le	1.2

References

archives.neohapsis.com/archives/bugtraq/2012-10/0095.html

osvdb.org/86428

secunia.com/advisories/51014

secunia.com/advisories/51034

update.atutor.ca/acontent/patch/1_2/

www.securityfocus.com/bid/56100

exchange.xforce.ibmcloud.com/vulnerabilities/79461

exchange.xforce.ibmcloud.com/vulnerabilities/79462

www.htbridge.com/advisory/HTB23117

6.8 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.033 Low

EPSS

Percentile

91.1%

JSON

Related for PRION:CVE-2012-5168