Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5543

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-5543
Last Modified 04 Dec 2012 12:00:00
Published 03 Dec 2012 04:55:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-5543

Summary

The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a field is mapped to the node's author, does not properly check permissions, which allows remote attackers to create arbitrary nodes via a crafted source feed.

Vulnerable Systems

Application

  • Feeds Project Feeds 7.x-2.0

  • Feeds Project Feeds 7.x-2.x


References

MLIST - [oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules

CONFIRM - http://drupalcode.org/project/feeds.git/commitdiff/a538c20

MISC - http://drupal.org/node/1808832


Last Updated: 27 May 2016 11:01:26