NVD

Id
43926  
Name
CVE-2012-2073  
Description
The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the "use PHP for settings" permission while importing settings, which allows remote authenticated users with certain permissions to execute arbitrary PHP code via unspecified vectors.  
Reject
 
CVSS Version
2  
CVSS Score
6  
Severity
Medium  
CVSS Base Score
6  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
6.8  
CVSS Vector
(AV:N/AC:M/Au:S/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2012-08-14  
Modified Date
2012-08-28  
Seq
2012-2073  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
220609 43926 CVE-2012-2073 http://drupal.org/node/1506166  View
220610 43926 CVE-2012-2073 http://drupal.org/node/1506420  View
220611 43926 CVE-2012-2073 http://drupalcode.org/project/bundle_copy.git/commit/299bdca  View
220612 43926 CVE-2012-2073 [oss-security] 20120406 CVE"s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)  View
220613 43926 CVE-2012-2073 52811  View
220614 43926 CVE-2012-2073 bundlecopy-usephp-code-execution(74439)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
27976 JVNDB-2012-003683 Drupal 用の Bundle copy モジュールにおける任意の PHP コードを実行される脆弱性 Drupal 用の Bundle copy モジュールは、設定をインポートする際に、"use PHP for settings" パーミッションをチェックしないため、任意の PHP コードを実行される脆弱性が存在します。 CVE-2012-2073 55311 CVE-2012-2073 43926 6 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003683.html 2012-03-28 2012-08-17 View