Description
The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue.
Remediation
References
Related Vulnerabilities
WordPress Plugin WooCommerce Help Scout Arbitrary File Upload (2.9)
Moodle DEPRECATED: Code Vulnerability (CVE-2015-3177)
WordPress Plugin FL3R FeelBox Multiple Vulnerabilities (8.1)
Dotclear Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-7903)
WordPress Plugin eCommerce Product Catalog for WordPress Cross-Site Request Forgery (3.0.17)