VYPR
Unrated severityNVD Advisory· Published Oct 22, 2012· Updated Jun 16, 2026

CVE-2012-5454

CVE-2012-5454

Description

user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not properly restrict access, which allows remote authenticated users to modify arbitrary user passwords via a crafted request. NOTE: this might be due to an incomplete fix for CVE-2012-5168.

Affected products

2
  • Atutor/Acontent2 versions
    cpe:2.3:a:atutor:acontent:1.2:1:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:atutor:acontent:1.2:1:*:*:*:*:*:*
    • (no CPE)range: =1.2-1

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.