Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1641

Overview

Vulnerability Score 6.0 6.0
CVE Id CVE-2012-1641
Last Modified 29 Aug 2012 12:00:00
Published 28 Aug 2012 01:55:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2012-1641

Summary

The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import.

Vulnerable Systems

Application

  • Danielb Finder 6.x-1.0

  • Danielb Finder 6.x-1.1

  • Danielb Finder 6.x-1.10

  • Danielb Finder 6.x-1.11

  • Danielb Finder 6.x-1.12

  • Danielb Finder 6.x-1.13

  • Danielb Finder 6.x-1.14

  • Danielb Finder 6.x-1.15

  • Danielb Finder 6.x-1.16

  • Danielb Finder 6.x-1.17

  • Danielb Finder 6.x-1.18

  • Danielb Finder 6.x-1.19

  • Danielb Finder 6.x-1.2

  • Danielb Finder 6.x-1.20

  • Danielb Finder 6.x-1.21

  • Danielb Finder 6.x-1.23

  • Danielb Finder 6.x-1.24

  • Danielb Finder 6.x-1.3

  • Danielb Finder 6.x-1.4

  • Danielb Finder 6.x-1.5

  • Danielb Finder 6.x-1.6

  • Danielb Finder 6.x-1.7

  • Danielb Finder 6.x-1.8

  • Danielb Finder 6.x-1.9

  • Danielb Finder 6.x-1.x-dev

  • Danielb Finder 7.x-1.0

  • Danielb Finder 7.x-1.1

  • Danielb Finder 7.x-1.2

  • Danielb Finder 7.x-1.3

  • Danielb Finder 7.x-1.4

  • Danielb Finder 7.x-1.5

  • Danielb Finder 7.x-1.6

  • Danielb Finder 7.x-1.x

  • Danielb Finder 7.x-2.0

  • Danielb Finder 7.x-2.x


References

MISC - https://drupal.org/node/1432970

OSVDB - 79014

MLIST - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)

MLIST - [oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017

MLIST - [oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017

MISC - http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities

SECUNIA - 47943

SECUNIA - 47915

CONFIRM - http://drupalcode.org/project/finder.git/commit/bc0cc82

CONFIRM - http://drupal.org/node/1432320

CONFIRM - http://drupal.org/node/1432318


Last Updated: 27 May 2016 11:00:23