[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249622

 
 

909

 
 

195521

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-5537Date: (C)2012-12-04   (M)2023-12-22


The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.0
Exploit Score: 6.8
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
http://www.openwall.com/lists/oss-security/2012/11/20/4
http://drupal.org/node/1789274
http://drupal.org/node/1789284

CPE    9
cpe:/a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.x:dev
cpe:/a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.0:beta4
cpe:/a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.0:beta3
cpe:/a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.0
...
CWE    1
CWE-94

© SecPod Technologies