CVE-2012-4974

Name of the Vulnerable Software and Affected Versions Layton Helpbox version 4.4.0

Description The issue allows remote authenticated users to change the login context and gain privileges by modifying specific cookies, including loggedinenduser, loggedinendusername, loggedinuserusergroup, loggedinuser, or loggedinusername.

Recommendations For Layton Helpbox version 4.4.0, consider restricting access to sensitive features until a patch is available, and avoid using modified cookies to prevent privilege escalation. As a temporary workaround, restrict the ability to change the login context for authenticated users. At the moment, there is no information about a newer version that contains a fix for this vulnerability.