Lucene search

K
cveRedhatCVE-2012-2073
HistoryAug 14, 2012 - 11:55 p.m.

CVE-2012-2073

2012-08-1423:55:01
CWE-264
redhat
web.nvd.nist.gov
24
4
cve-2012-2073
drupal
security vulnerability
remote code execution
permission bypass

CVSS2

6

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

7.5

Confidence

Low

EPSS

0.004

Percentile

74.7%

The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the “use PHP for settings” permission while importing settings, which allows remote authenticated users with certain permissions to execute arbitrary PHP code via unspecified vectors.

Affected configurations

Nvd
Node
kristof_de_jaegerbundle_copyMatch7.x-1.0
OR
kristof_de_jaegerbundle_copyMatch7.x-1.x
AND
drupaldrupalMatch-
VendorProductVersionCPE
kristof_de_jaegerbundle_copy7.x-1.0cpe:2.3:a:kristof_de_jaeger:bundle_copy:7.x-1.0:*:*:*:*:*:*:*
kristof_de_jaegerbundle_copy7.x-1.xcpe:2.3:a:kristof_de_jaeger:bundle_copy:7.x-1.x:*:*:*:*:*:*:*
drupaldrupal-cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

Social References

More

CVSS2

6

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

7.5

Confidence

Low

EPSS

0.004

Percentile

74.7%

Related for CVE-2012-2073