Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2012-1641

🗓️ 28 Aug 2012 16:00:00Reported by redhatType 
cve
 cve🔗 web.nvd.nist.gov👁 34 Views🌐 WEB

Finder module in Drupal 6.x-1.x before 6.x-1.26 and 7.x-1.x before 7.x-2.0-alpha8 allows remote authenticated admin users to execute arbitrary PHP code

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
Cvelist		CVE-2012-1641
28 Aug 201216:00
cvelist
Drupal		SA-CONTRIB-2012-017 - Finder - Multiple vulnerabilities
8 Feb 201200:00
drupal
EUVD		EUVD-2012-1651
7 Oct 202500:30
euvd
NVD		CVE-2012-1641
28 Aug 201217:55
nvd
Prion		Design/Logic Flaw
28 Aug 201217:55
prion
RedhatCVE		CVE-2012-1641
22 May 202504:04
redhatcve
NVD
Node
danielbfinderMatch6.x-1.0
OR
danielbfinderMatch6.x-1.0alpha1
OR
danielbfinderMatch6.x-1.0alpha10
OR
danielbfinderMatch6.x-1.0alpha11
OR
danielbfinderMatch6.x-1.0alpha12
OR
danielbfinderMatch6.x-1.0alpha13
OR
danielbfinderMatch6.x-1.0alpha14
OR
danielbfinderMatch6.x-1.0alpha15
OR
danielbfinderMatch6.x-1.0alpha16
OR
danielbfinderMatch6.x-1.0alpha17
OR
danielbfinderMatch6.x-1.0alpha18
OR
danielbfinderMatch6.x-1.0alpha19
OR
danielbfinderMatch6.x-1.0alpha2
OR
danielbfinderMatch6.x-1.0alpha20
OR
danielbfinderMatch6.x-1.0alpha21
OR
danielbfinderMatch6.x-1.0alpha22
OR
danielbfinderMatch6.x-1.0alpha23
OR
danielbfinderMatch6.x-1.0alpha24
OR
danielbfinderMatch6.x-1.0alpha25
OR
danielbfinderMatch6.x-1.0alpha26
OR
danielbfinderMatch6.x-1.0alpha27
OR
danielbfinderMatch6.x-1.0alpha28
OR
danielbfinderMatch6.x-1.0alpha3
OR
danielbfinderMatch6.x-1.0alpha4
OR
danielbfinderMatch6.x-1.0alpha5
OR
danielbfinderMatch6.x-1.0alpha6
OR
danielbfinderMatch6.x-1.0alpha7
OR
danielbfinderMatch6.x-1.0alpha8
OR
danielbfinderMatch6.x-1.0alpha9
OR
danielbfinderMatch6.x-1.0beta1
OR
danielbfinderMatch6.x-1.0beta2
OR
danielbfinderMatch6.x-1.0beta3
OR
danielbfinderMatch6.x-1.0rc1
OR
danielbfinderMatch6.x-1.0rc2
OR
danielbfinderMatch6.x-1.0rc3
OR
danielbfinderMatch6.x-1.0rc4
OR
danielbfinderMatch6.x-1.0unstable0
OR
danielbfinderMatch6.x-1.0unstable1
OR
danielbfinderMatch6.x-1.0unstable2
OR
danielbfinderMatch6.x-1.0unstable3
OR
danielbfinderMatch6.x-1.0unstable4
OR
danielbfinderMatch6.x-1.0unstable5
OR
danielbfinderMatch6.x-1.0unstable6
OR
danielbfinderMatch6.x-1.0unstable7
OR
danielbfinderMatch6.x-1.1
OR
danielbfinderMatch6.x-1.2
OR
danielbfinderMatch6.x-1.3
OR
danielbfinderMatch6.x-1.4
OR
danielbfinderMatch6.x-1.5
OR
danielbfinderMatch6.x-1.6
OR
danielbfinderMatch6.x-1.7
OR
danielbfinderMatch6.x-1.8
OR
danielbfinderMatch6.x-1.9
OR
danielbfinderMatch6.x-1.10
OR
danielbfinderMatch6.x-1.11
OR
danielbfinderMatch6.x-1.12
OR
danielbfinderMatch6.x-1.13
OR
danielbfinderMatch6.x-1.14
OR
danielbfinderMatch6.x-1.15
OR
danielbfinderMatch6.x-1.16
OR
danielbfinderMatch6.x-1.17
OR
danielbfinderMatch6.x-1.18
OR
danielbfinderMatch6.x-1.19
OR
danielbfinderMatch6.x-1.20
OR
danielbfinderMatch6.x-1.21
OR
danielbfinderMatch6.x-1.23
OR
danielbfinderMatch6.x-1.24
OR
danielbfinderMatch6.x-1.x-dev
OR
danielbfinderMatch7.x-1.0
OR
danielbfinderMatch7.x-1.1
OR
danielbfinderMatch7.x-1.2
OR
danielbfinderMatch7.x-1.3
OR
danielbfinderMatch7.x-1.4
OR
danielbfinderMatch7.x-1.5
OR
danielbfinderMatch7.x-1.6
OR
danielbfinderMatch7.x-1.xdev
OR
danielbfinderMatch7.x-2.0alpha1
OR
danielbfinderMatch7.x-2.0alpha2
OR
danielbfinderMatch7.x-2.0alpha3
OR
danielbfinderMatch7.x-2.0alpha4
OR
danielbfinderMatch7.x-2.0alpha5
OR
danielbfinderMatch7.x-2.0alpha6
OR
danielbfinderMatch7.x-2.xdev
AND
drupaldrupalMatch-
ParameterPositionPathDescriptionCWE
import_contentrequest bodyadmin/build/finder/importDrupal Finder module import endpoint can lead to arbitrary PHP code execution by remote authenticated users with administer finder permission.CWE-264
coderequest bodyadmin/build/finder/importDrupal Finder module import endpoint can lead to arbitrary PHP code execution by remote authenticated users with administer finder permission.CWE-264
php_coderequest bodyadmin/build/finder/importDrupal Finder module import endpoint can lead to arbitrary PHP code execution by remote authenticated users with administer finder permission.CWE-264
payloadrequest bodyadmin/build/finder/importDrupal Finder module import endpoint can lead to arbitrary PHP code execution by remote authenticated users with administer finder permission.CWE-264

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
29 Apr 2026 01:13Current
7.5High risk
Vulners AI Score7.5
CVSS 26
EPSS0.01402
CWE-264
cve-2012-1641drupalsecurity vulnerabilityremote code executionadmin permission
34