Lucene search

[email protected]NVD:CVE-2012-2073

HistoryAug 14, 2012 - 11:55 p.m.

CVE-2012-2073

2012-08-1423:55:01

CWE-264

[email protected]

web.nvd.nist.gov

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.7%

JSON

The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the “use PHP for settings” permission while importing settings, which allows remote authenticated users with certain permissions to execute arbitrary PHP code via unspecified vectors.

Affected configurations

NVD

Node

kristof_de_jaegerbundle_copyMatch7.x-1.0

kristof_de_jaegerbundle_copyMatch7.x-1.x

AND

drupaldrupalMatch-

References

drupal.org/node/1506166

drupal.org/node/1506420

drupalcode.org/project/bundle_copy.git/commit/299bdca

osvdb.org/80676

secunia.com/advisories/48626

www.openwall.com/lists/oss-security/2012/04/07/1

www.securityfocus.com/bid/52811

exchange.xforce.ibmcloud.com/vulnerabilities/74439

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.7%

JSON

Related for NVD:CVE-2012-2073

cve1 drupal1 cvelist1 prion1