ID CVE-2012-5543 Type cve Reporter NVD Modified 2012-12-04T00:00:00
Description
The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a field is mapped to the node's author, does not properly check permissions, which allows remote attackers to create arbitrary nodes via a crafted source feed.
{"title": "CVE-2012-5543", "reporter": "NVD", "enchantments": {"vulnersScore": 5.0}, "published": "2012-12-03T16:55:02", "cvelist": ["CVE-2012-5543"], "hash": "3294b243ad0f40a2b0fce55161524242391cff65d33d90411d03ab16e120144c", "objectVersion": "1.2", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5543", "bulletinFamily": "NVD", "id": "CVE-2012-5543", "history": [], "scanner": [], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "modified": "2012-12-04T00:00:00", "viewCount": 0, "cpe": ["cpe:/a:feeds_project:feeds:7.x-2.0:alpha2", "cpe:/a:feeds_project:feeds:7.x-2.0:alpha3", "cpe:/a:feeds_project:feeds:7.x-2.x", "cpe:/a:feeds_project:feeds:7.x-2.0:alpha1", "cpe:/a:feeds_project:feeds:7.x-2.0:alpha4", "cpe:/a:feeds_project:feeds:7.x-2.0:alpha5"], "edition": 1, "description": "The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a field is mapped to the node's author, does not properly check permissions, which allows remote attackers to create arbitrary nodes via a crafted source feed.", "references": ["http://drupalcode.org/project/feeds.git/commitdiff/a538c20", "http://drupal.org/node/1808832", "http://www.openwall.com/lists/oss-security/2012/11/20/4"], "lastseen": "2016-09-03T17:16:39", "assessment": {"system": "", "name": "", "href": ""}}
