1 results (0.011 seconds)
CVSS: 6.0EPSS: 0%CPEs: 9EXPL: 0
CVE-2012-5537
https://notcve.org/view.php?id=CVE-2012-5537
The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron. El módulo Simplenews Scheduler v6.x-2.x antes de v6.x-2.4 para Drupal permite a usuarios remotos autenticados con el permiso "envío de boletines programados", inyectar código PHP arbitrario en el formulario de programación, que es posteriormente ejecutado por cron. • http://drupal.org/node/1789274 http://drupal.org/node/1789284 http://www.openwall.com/lists/oss-security/2012/11/20/4 • CWE-94: Improper Control of Generation of Code ('Code Injection') •