CVE-2012-5537

Опубликовано: 03 дек. 2012

Источник: nvd

CVSS2: 6

EPSS Низкий

Описание

The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron.

Ссылки

http://drupal.org/node/1789274
Patch
http://drupal.org/node/1789284
Patch
Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/11/20/4
http://drupal.org/node/1789274
Patch
http://drupal.org/node/1789284
Patch
Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/11/20/4

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.0:*:*:*:*:*:*:*

cpe:2.3:a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.0:beta2:*:*:*:*:*:*

cpe:2.3:a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.0:beta3:*:*:*:*:*:*

cpe:2.3:a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.0:beta4:*:*:*:*:*:*

cpe:2.3:a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.1:*:*:*:*:*:*:*

cpe:2.3:a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.2:*:*:*:*:*:*:*

cpe:2.3:a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.3:*:*:*:*:*:*:*

cpe:2.3:a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.x:dev:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.00513

Низкий

6 Medium

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-99mx-6v2c-6f3v

github

около 3 лет назад