CVE-2012-5454

Name of the Vulnerable Software and Affected Versions ATutor AContent versions 1.2-1

Description The issue is related to improper access restriction in the user/index inline editor submit.php file, allowing remote authenticated users to modify arbitrary user passwords via a crafted request. This might be due to an incomplete fix for a previous issue.

Recommendations For ATutor AContent versions 1.2-1, restrict access to the user/index inline editor submit.php file to prevent unauthorized password modifications. As a temporary workaround, consider disabling the password modification functionality until a proper fix is applied.