CVE-2012-5537
Published Dec 3, 2012
Last updated 12 years ago
Overview
- Description
- The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron.
- Source
- secalert@redhat.com
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6
- Impact score
- 6.4
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-94
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0352D496-A2D6-4DAE-A48D-F6AD44D97CCC"
},
{
"criteria": "cpe:2.3:a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.0:beta2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4EEF5973-44FE-42BC-B481-3FC7F346707E"
},
{
"criteria": "cpe:2.3:a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.0:beta3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9DF7AF17-7DE2-473B-9AEE-61DB0B5737D5"
},
{
"criteria": "cpe:2.3:a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.0:beta4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AED0DA24-0184-4001-824F-AA5FEC297DD2"
},
{
"criteria": "cpe:2.3:a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "56343C37-B245-4451-BF5C-E2694BCBF468"
},
{
"criteria": "cpe:2.3:a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A89B49EB-AE12-4BEB-BEF4-5D49C439B370"
},
{
"criteria": "cpe:2.3:a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9838599C-ECA0-402A-B551-1CE306A33997"
},
{
"criteria": "cpe:2.3:a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.x:dev:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "06B6557E-FD8F-4B2F-8FC1-5E508CC5E424"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]