Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.0
CVE Id CVE-2012-2073
Last Modified 28 Aug 2012 12:00:00
Published 14 Aug 2012 07:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2012-2073

Summary

The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the "use PHP for settings" permission while importing settings, which allows remote authenticated users with certain permissions to execute arbitrary PHP code via unspecified vectors.

Vulnerable Systems

Application

  • Kristof De Jaeger Bundle Copy 7.x-1.0

  • Kristof De Jaeger Bundle Copy 7.x-1.x


References

XF - bundlecopy-usephp-code-execution(74439)

BID - 52811

MLIST - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)

SECUNIA - 48626

OSVDB - 80676

CONFIRM - http://drupalcode.org/project/bundle_copy.git/commit/299bdca

MISC - http://drupal.org/node/1506420

CONFIRM - http://drupal.org/node/1506166


Last Updated: 27 May 2016 10:51:40