CVE-2012-1625

https://notcve.org/view.php?id=CVE-2012-1625

Eval injection vulnerability in the fillpdf_form_export_decode function in fillpdf.admin.inc in the Fill PDF module 6.x-1.x before 6.x-1.16 and 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with administer PDFs privileges to execute arbitrary PHP code via unspecified vectors. NOTE: Some of these details are obtained from third party information. Vulnerabilidad de inyección mediante eval en la función fillpdf_form_export_decode en fillpdf.admin.inc en el módulo Fill PDF v6.x-1.x anteriores a v6.x-1.16 y v7.x-1.x anteriores a v7.x-1.2 para Drupal, permite a usuarios remotos autenticados con provilegios administrativos sobre PDFs a ejecutar comandos PHP a través de vectores no especificados. NOTA: alguna de esta información se ha obtenido de terceros. • http://drupal.org/node/1394428 http://osvdb.org/78182 http://secunia.com/advisories/47418 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.securityfocus.com/bid/51288 • CWE-94: Improper Control of Generation of Code ('Code Injection') •