Access Restriction Flaw in ATutor AContent by ATutor
CVE-2012-5454

Currently unrated

Key Information:

Vendor: Atutor
Status: Acontent
Vendor: CVE Published:; 22 October 2012

What is CVE-2012-5454?

The ATutor AContent 1.2-1 application contains an access control vulnerability in the user/index_inline_editor_submit.php file. This flaw allows remote authenticated users to exploit the system by executing crafted requests that modify user passwords without proper authorization. This issue may be linked to an insufficient resolution of a previous vulnerability, highlighting the importance of thorough security measures in web applications.

References

http://osvdb.org/86428

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/56237

vdb-entryx_refsource_BID

http://secunia.com/advisories/51034

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 22, 2012
Vulnerability Reserved
Oct 22, 2012

Atutor

What is CVE-2012-5454?

References

Timeline