Code injection

2012-12-0321:55:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.6%

JSON

The OM Maximenu module 6.x-1.43 and earlier for Drupal, when the “Title has PHP” option is enabled, allows remote authenticated users with the “Administer OM Maximenu” permission to execute arbitrary PHP code via a “Link Title,” a different vulnerability than CVE-2012-5553.

CPENameOperatorVersion
om_maximenueq<= 6.x-1.43
om_maximenueq6.x-1.0 rc3
om_maximenueq6.x-1.0 rc7
om_maximenueq6.x-1.0 rc5
om_maximenueq6.x-1.0 rc6
om_maximenueq6.x-1.0 rc4
om_maximenueq6.120.10
om_maximenueq6.x-1.0 rc1
om_maximenueq6.x-1.0 rc2
om_maximenueq6.120.11

Name	Operator	Version
om_maximenu	eq	<= 6.x-1.43
om_maximenu	eq	6.x-1.0 rc3
om_maximenu	eq	6.x-1.0 rc7
om_maximenu	eq	6.x-1.0 rc5
om_maximenu	eq	6.x-1.0 rc6
om_maximenu	eq	6.x-1.0 rc4
om_maximenu	eq	6.120.10
om_maximenu	eq	6.x-1.0 rc1
om_maximenu	eq	6.x-1.0 rc2
om_maximenu	eq	6.120.11