VIR Vulnerability Intelligence Relay

CVE-2012-4954

low
Published 2012-11-15 · Modified 2026-04-29
CVSS v3
CVSS v2
3.5
VIR risk
3.5

Description

The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Application impact
VendorProductVersionsFixed
vanillaforumsvanilla{"endIncluding":"2.0.18.4"}
vanillaforumsvanilla2.0.0
vanillaforumsvanilla2.0.1
vanillaforumsvanilla2.0.2
vanillaforumsvanilla2.0.3
vanillaforumsvanilla2.0.4
vanillaforumsvanilla2.0.5
vanillaforumsvanilla2.0.6
vanillaforumsvanilla2.0.7
vanillaforumsvanilla2.0.8
vanillaforumsvanilla2.0.9
vanillaforumsvanilla2.0.10
vanillaforumsvanilla2.0.11
vanillaforumsvanilla2.0.12
vanillaforumsvanilla2.0.13
vanillaforumsvanilla2.0.14
vanillaforumsvanilla2.0.15
vanillaforumsvanilla2.0.16
vanillaforumsvanilla2.0.16.1
vanillaforumsvanilla2.0.17
vanillaforumsvanilla2.0.17.1
vanillaforumsvanilla2.0.17.2
vanillaforumsvanilla2.0.17.3
vanillaforumsvanilla2.0.17.4
vanillaforumsvanilla2.0.17.5
vanillaforumsvanilla2.0.17.6
vanillaforumsvanilla2.0.17.7
vanillaforumsvanilla2.0.17.8
vanillaforumsvanilla2.0.17.9
vanillaforumsvanilla2.0.17.10
vanillaforumsvanilla2.0.18
vanillaforumsvanilla2.0.18.1
vanillaforumsvanilla2.0.18.3
vanillaforumsvanilla_forums{"endIncluding":"2.1"}

References

CWEs

CWE-264

Verify integrity in audit chain (admin only). AS-IS.