Lucene search
HistoryOct 03, 2022 - 4:15 p.m.
CVE-2012-5537
cve-2012-5537
simplenews
scheduler
drupal
remote code injection
cron
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
6.8 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
72.9%
The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the “send scheduled newsletters” permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron.
Affected configurations
Node
simplenews_scheduler_projectsimplenews_schedulerMatch6.x-2.0
ORsimplenews_scheduler_projectsimplenews_schedulerMatch6.x-2.0beta2
ORsimplenews_scheduler_projectsimplenews_schedulerMatch6.x-2.0beta3
ORsimplenews_scheduler_projectsimplenews_schedulerMatch6.x-2.0beta4
ORsimplenews_scheduler_projectsimplenews_schedulerMatch6.x-2.1
ORsimplenews_scheduler_projectsimplenews_schedulerMatch6.x-2.2
ORsimplenews_scheduler_projectsimplenews_schedulerMatch6.x-2.3
ORsimplenews_scheduler_projectsimplenews_schedulerMatch6.x-2.xdev
drupaldrupalMatch-
Related
nvd
nvd
CVE-2012-5537
2012-12-03 21:55:01
cvelist
cvelist
CVE-2012-5537
2022-10-03 16:15:30
prion
prion
Code injection
2012-12-03 21:55:00
drupal
drupal
SA-CONTRIB-2012-146 - Simplenews Scheduler - Arbitrary code execution
2012-09-19 00:00:00
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
6.8 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
72.9%
Related for CVE-2012-5537