Redmine · CVE-2012-2054
**Name of the Vulnerable Software and Affected Versions**
Redmine versions prior to 1.3.2
HMIWeb Browser ActiveX Control (affected versions not specified)
**Description**
The vulnerability allows remote attackers to set attributes in various models, including Comment, Document, IssueCategory, MembersController, Message, News, TimeEntry, Version, Wiki, UserPreference, and Board, via a modified URL. This is related to a "mass assignment" vulnerability, in which request parameters are copied into model attributes without restricting which attributes may be set.
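
The mass-assignment pattern described above, next to an allowlist-based mitigation, as an added Ruby example that is not Redmine's code. The `EntryRecord` class, its attribute names, the helper `model_params` and the sample URL are hypothetical and constructed for illustration.

```ruby
require 'uri'

# Hypothetical stand-in for a model; not Redmine's code.
class EntryRecord
  ATTRS = %i[hours comments user_id project_id].freeze
  SAFE_ATTRS = %i[hours comments].freeze # allowlist of request-settable attributes
  attr_accessor(*ATTRS)

  def initialize(user_id:, project_id:)
    @user_id = user_id
    @project_id = project_id
  end

  # Vulnerable pattern: every known attribute named in the request is assigned.
  def unsafe_assign(params)
    params.each { |k, v| public_send("#{k}=", v) if ATTRS.include?(k.to_sym) }
    self
  end

  # Hardened pattern: assign only allowlisted attributes and return the
  # rejected keys so the caller can log them.
  def safe_assign(params)
    rejected = params.keys.reject { |k| SAFE_ATTRS.include?(k.to_sym) }
    params.each { |k, v| public_send("#{k}=", v) if SAFE_ATTRS.include?(k.to_sym) }
    rejected
  end
end

# Extract "model[attr]=value" pairs from a URL query string.
def model_params(url, model)
  query = url.split('?', 2)[1].to_s
  URI.decode_www_form(query).each_with_object({}) do |(key, value), out|
    m = key.match(/\A#{Regexp.escape(model)}\[(\w+)\]\z/)
    out[m[1]] = value if m
  end
end

# Constructed sample request: one intended field plus one sensitive field.
SAMPLE_URL = 'http://app.example/entries?entry[hours]=2&entry[user_id]=1'

if __FILE__ == $PROGRAM_NAME
  params = model_params(SAMPLE_URL, 'entry')
  a = EntryRecord.new(user_id: 42, project_id: 7).unsafe_assign(params)
  b = EntryRecord.new(user_id: 42, project_id: 7)
  rejected = b.safe_assign(params)
  puts "unsafe: user_id=#{a.user_id.inspect}"
  puts "safe:   user_id=#{b.user_id.inspect}, rejected=#{rejected.inspect}"
end
```

Logging the keys returned by `safe_assign` gives a detection signal for requests that try to set attributes outside the allowlist.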
**Recommendations**
For Redmine versions prior to 1.3.2, update to version 1.3.2 or later to resolve the issue.
For HMIWeb Browser ActiveX Control, there is currently no information about a newer version that contains a fix for this vulnerability.