Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2012-1625

Опубликовано: 20 сент. 2012
Источник: nvd
CVSS2: 6
EPSS Низкий

Описание

Eval injection vulnerability in the fillpdf_form_export_decode function in fillpdf.admin.inc in the Fill PDF module 6.x-1.x before 6.x-1.16 and 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with administer PDFs privileges to execute arbitrary PHP code via unspecified vectors. NOTE: Some of these details are obtained from third party information.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.0:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.1:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.2:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.3:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.4:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.5:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.6:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.7:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.8:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.9:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.10:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.11:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.12:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.13:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.14:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.15:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.x:dev:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:7.x-1.:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:7.x-1.0:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:7.x-1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:7.x-1.0:beta2:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:7.x-1.1:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:7.x-1.x:dev:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

EPSS

Процентиль: 68%
0.00568
Низкий

6 Medium

CVSS2

Дефекты

CWE-94

Связанные уязвимости

github логотип

GHSA-4whv-v32x-qrpg

github
около 3 лет назад

Eval injection vulnerability in the fillpdf_form_export_decode function in fillpdf.admin.inc in the Fill PDF module 6.x-1.x before 6.x-1.16 and 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with administer PDFs privileges to execute arbitrary PHP code via unspecified vectors. NOTE: Some of these details are obtained from third party information.

EPSS

Процентиль: 68%
0.00568
Низкий

6 Medium

CVSS2

Дефекты

CWE-94