Code injection

2012-10-3116:55:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.5%

JSON

The contact formatter page in the Email Field module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to email the stored address in the entity via unspecified vectors.

CPENameOperatorVersion
emaileq6.120.10
emaileq6.120.11
emaileq6.x-1.x dev
emaileq7.x-1.0 beta1
emaileq7.120.10
emaileq7.x-1.0 alpha2
emaileq7.x-1.0 alpha1
emaileq7.x-1.x dev

Name	Operator	Version
email	eq	6.120.10
email	eq	6.120.11
email	eq	6.x-1.x dev
email	eq	7.x-1.0 beta1
email	eq	7.120.10
email	eq	7.x-1.0 alpha2
email	eq	7.x-1.0 alpha1
email	eq	7.x-1.x dev

References

www.openwall.com/lists/oss-security/2012/10/04/6

www.openwall.com/lists/oss-security/2012/10/07/1

drupal.org/node/1761948

drupal.org/node/1761968

drupal.org/node/1762470