CVE-2012-2073
 
Severity Score: 6.0 (CVSS v2)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the "use PHP for settings" permission while importing settings, which allows remote authenticated users with certain permissions to execute arbitrary PHP code via unspecified vectors.
Credits: N/A
Timeline
- 2012-04-04 CVE Reserved
- 2012-08-14 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
CWE
- CWE-264: Permissions, Privileges, and Access Controls
References (8)
URL | Tag | Source |
---|---|---|
http://drupalcode.org/project/bundle_copy.git/commit/299bdca | X_refsource_confirm | |
http://osvdb.org/80676 | Vdb Entry | |
http://www.openwall.com/lists/oss-security/2012/04/07/1 | Mailing List | |
http://www.securityfocus.com/bid/52811 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/74439 | Vdb Entry | |

URL | Date | SRC |
---|---|---|
http://drupal.org/node/1506166 | 2017-08-29 | |
http://drupal.org/node/1506420 | 2017-08-29 | |
http://secunia.com/advisories/48626 | 2017-08-29 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Kristof De Jaeger | Bundle Copy | 7.x-1.0 | - | Affected | in | Drupal | Drupal | - | - | Safe |
Kristof De Jaeger | Bundle Copy | 7.x-1.x | - | Affected | in | Drupal | Drupal | - | - | Safe |