CVE-2012-5168 Information

Description

ATutor AContent before 1.2-1 allows remote attackers to modify arbitrary user passwords or category names via a direct request to (1) user/index_inline_editor_submit.php or (2) course_category/index_inline_editor_submit.php.

Reference

http://archives.neohapsis.com/archives/bugtraq/2012-10/0095.html http://osvdb.org/86428 http://secunia.com/advisories/51014 http://secunia.com/advisories/51034 http://update.atutor.ca/acontent/patch/1_2/ http://www.securityfocus.com/bid/56100 https://exchange.xforce.ibmcloud.com/vulnerabilities/79461 https://exchange.xforce.ibmcloud.com/vulnerabilities/79462 https://www.htbridge.com/advisory/HTB23117