Lucene search

PRIOn knowledge basePRION:CVE-2012-2073

HistoryAug 14, 2012 - 11:55 p.m.

Code injection

2012-08-1423:55:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.7%

JSON

The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the “use PHP for settings” permission while importing settings, which allows remote authenticated users with certain permissions to execute arbitrary PHP code via unspecified vectors.

CPENameOperatorVersion
bundle_copyeq7.120.10
bundle_copyeq7.120.1120

CPE	Name	Operator	Version
	bundle_copy	eq	7.120.10
	bundle_copy	eq	7.120.1120

References

drupalcode.org/project/bundle_copy.git/commit/299bdca

osvdb.org/80676

secunia.com/advisories/48626

www.openwall.com/lists/oss-security/2012/04/07/1

www.securityfocus.com/bid/52811

drupal.org/node/1506166

drupal.org/node/1506420

exchange.xforce.ibmcloud.com/vulnerabilities/74439