Lucene search

[email protected]CVE-2012-2073

HistoryAug 14, 2012 - 11:55 p.m.

CVE-2012-2073

2012-08-1423:55:01

CWE-264

[email protected]

web.nvd.nist.gov

cve-2012-2073

drupal

security vulnerability

remote code execution

permission bypass

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.7%

JSON

The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the “use PHP for settings” permission while importing settings, which allows remote authenticated users with certain permissions to execute arbitrary PHP code via unspecified vectors.

Affected configurations

NVD

Node

kristof_de_jaegerbundle_copyMatch7.x-1.0

kristof_de_jaegerbundle_copyMatch7.x-1.x

AND

drupaldrupalMatch-

CPENameOperatorVersion
kristof_de_jaeger:bundle_copykristof de jaeger bundle copyeq7.x-1.0
kristof_de_jaeger:bundle_copykristof de jaeger bundle copyeq7.x-1.x

CPE	Name	Operator	Version
kristof_de_jaeger:bundle_copy	kristof de jaeger bundle copy	eq	7.x-1.0
kristof_de_jaeger:bundle_copy	kristof de jaeger bundle copy	eq	7.x-1.x

References

drupal.org/node/1506166

drupal.org/node/1506420

drupalcode.org/project/bundle_copy.git/commit/299bdca

osvdb.org/80676

secunia.com/advisories/48626

www.openwall.com/lists/oss-security/2012/04/07/1

www.securityfocus.com/bid/52811

exchange.xforce.ibmcloud.com/vulnerabilities/74439

Social References

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.7%

JSON

Related for CVE-2012-2073

prion1 nvd1 drupal1 cvelist1