Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2067

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2012-2067
Last Modified 05 Sep 2012 12:00:00
Published 04 Sep 2012 08:55:15
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2067

Summary

Unspecified vulnerability in the CKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal, when the core PHP module is enabled, allows remote authenticated users or remote attackers to execute arbitrary PHP code via the text parameter to a text filter. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Ckeditor 6.x-1.0

  • Ckeditor 6.x-1.1

  • Ckeditor 6.x-1.2

  • Ckeditor 6.x-1.3

  • Ckeditor 6.x-1.4

  • Ckeditor 6.x-1.5

  • Ckeditor 6.x-1.6

  • Ckeditor 6.x-1.7

  • Ckeditor 6.x-1.x

  • Ckeditor 7.x-1.0

  • Ckeditor 7.x-1.1

  • Ckeditor 7.x-1.2

  • Ckeditor 7.x-1.3

  • Ckeditor 7.x-1.4

  • Ckeditor 7.x-1.5

  • Ckeditor 7.x-1.6

  • Ckeditor 7.x-1.x

  • Fckeditor 6.x-1.1

  • Fckeditor 6.x-1.2

  • Fckeditor 6.x-1.2-1

  • Fckeditor 6.x-1.3

  • Fckeditor 6.x-1.4

  • Fckeditor 6.x-1.x

  • Fckeditor 6.x-2.0

  • Fckeditor 6.x-2.1

  • Fckeditor 6.x-2.2

  • Fckeditor 6.x-2.3

  • Fckeditor 6.x-2.x


References

XF - ckeditor-drupal-code-execution(74037)

OSVDB - 80080

MLIST - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)

SECUNIA - 48435

MISC - http://drupal.org/node/1482528

CONFIRM - http://drupal.org/node/1482480

CONFIRM - http://drupal.org/node/1482466

CONFIRM - http://drupal.org/node/1482442


Last Updated: 27 May 2016 11:00:27