CVE-2012-4954 Information

Description

The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack related to a \parameter manipulation\ issue.

Reference

http://www.kb.cert.org/vuls/id/611988 http://www.securityfocus.com/bid/56483 https://exchange.xforce.ibmcloud.com/vulnerabilities/80000