CVE-2012-2073

Sažetak

The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the "use PHP for settings" permission while importing settings, which allows remote authenticated users with certain permissions to execute arbitrary PHP code via unspecified vectors.

Reference

http://drupal.org/node/1506166
http://drupal.org/node/1506420
http://drupalcode.org/project/bundle_copy.git/commit/299bdca
http://osvdb.org/80676
http://secunia.com/advisories/48626
http://www.openwall.com/lists/oss-security/2012/04/07/1
http://www.securityfocus.com/bid/52811
https://exchange.xforce.ibmcloud.com/vulnerabilities/74439

CVSS

Base:	6.0
Impact:	6.4
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-08-2017 - 01:31

Objavljeno

14-08-2012 - 23:55