Vanilla · Vanilla Forums · CVE-2012-4954
**Name of the Vulnerable Software and Affected Versions**
Vanilla Forums versions prior to 2.1a32
**Description**
The issue allows remote authenticated users to modify arbitrary profile settings by manipulating the `UserID` value during a man-in-the-middle attack, related to a "parameter manipulation" issue.
**Recommendations**
For versions prior to 2.1a32, update to version 2.1a32 or later to resolve the issue. As a temporary workaround, consider restricting access to the edit-profile page to minimize the risk of exploitation.
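The underlying control for this class of bug is to treat the authenticated session, not the submitted `UserID`, as the authority on whose profile is being edited. The sketch below is an added example, not Vanilla Forums code and not a description of how 2.1a32 fixed the issue; the function, session keys (`user_id`, `can_edit_users`) and sample requests are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical names throughout; this is not Vanilla Forums code.
final class Forbidden extends RuntimeException {}

// Pick the account an edit-profile request may modify. The session is the
// authority; a submitted UserID is honoured only with an explicit permission.
function resolveProfileTarget(array $session, array $post): int
{
    if (!isset($session['user_id'])) {
        throw new Forbidden('not authenticated');
    }
    $sessionUser = (int) $session['user_id'];
    // No UserID submitted: the user is editing their own profile.
    if (!array_key_exists('UserID', $post)) {
        return $sessionUser;
    }
    // Reject non-numeric, array or out-of-range values instead of casting them.
    $requested = filter_var($post['UserID'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($requested === false) {
        throw new Forbidden('malformed UserID');
    }
    // A UserID that differs from the session user needs an edit-others permission.
    if ($requested !== $sessionUser && empty($session['can_edit_users'])) {
        throw new Forbidden("session user $sessionUser may not edit user $requested");
    }
    return $requested;
}

// Constructed sample requests: [server-side session, submitted form fields].
$cases = [
    'own profile'      => [['user_id' => 7], ['UserID' => '7', 'Email' => 'a@example.test']],
    'replaced UserID'  => [['user_id' => 7], ['UserID' => '1', 'Email' => 'x@example.test']],
    'moderator edit'   => [['user_id' => 2, 'can_edit_users' => true], ['UserID' => '7']],
    'malformed UserID' => [['user_id' => 7], ['UserID' => '7 OR 1']],
];
foreach ($cases as $label => [$session, $post]) {
    try {
        echo "$label: allowed, target=" . resolveProfileTarget($session, $post) . PHP_EOL;
    } catch (Forbidden $e) {
        echo "$label: denied ({$e->getMessage()})" . PHP_EOL;
    }
}
```

Logging each denial with the session user and the requested `UserID` gives responders a direct signal that the parameter was altered between the form and the server.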