Description
The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue.
Remediation
References