CVE-2012-5168

Name of the Vulnerable Software and Affected Versions ATutor AContent versions prior to 1.2-1

Description The issue allows remote attackers to modify arbitrary user passwords or category names. This can be achieved by sending a direct request to specific API endpoints, such as "user/index inline editor submit.php" or "course category/index inline editor submit.php".

Recommendations For ATutor AContent versions prior to 1.2-1, update to version 1.2-1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "user/index inline editor submit.php" and "course category/index inline editor submit.php" endpoints until the update is applied.