CVE-2012-5537
Severity Score
6.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron.
El módulo Simplenews Scheduler v6.x-2.x antes de v6.x-2.4 para Drupal permite a usuarios remotos autenticados con el permiso "envío de boletines programados", inyectar código PHP arbitrario en el formulario de programación, que es posteriormente ejecutado por cron.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-10-24 CVE Reserved
- 2012-12-03 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/11/20/4 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://drupal.org/node/1789274 | 2012-12-04 | |
| http://drupal.org/node/1789284 | 2012-12-04 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Simplenews Scheduler Project Search vendor "Simplenews Scheduler Project" | Simplenews Scheduler Search vendor "Simplenews Scheduler Project" for product "Simplenews Scheduler" | 6.x-2.0 Search vendor "Simplenews Scheduler Project" for product "Simplenews Scheduler" and version "6.x-2.0" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Simplenews Scheduler Project Search vendor "Simplenews Scheduler Project" | Simplenews Scheduler Search vendor "Simplenews Scheduler Project" for product "Simplenews Scheduler" | 6.x-2.0 Search vendor "Simplenews Scheduler Project" for product "Simplenews Scheduler" and version "6.x-2.0" | beta2 |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Simplenews Scheduler Project Search vendor "Simplenews Scheduler Project" | Simplenews Scheduler Search vendor "Simplenews Scheduler Project" for product "Simplenews Scheduler" | 6.x-2.0 Search vendor "Simplenews Scheduler Project" for product "Simplenews Scheduler" and version "6.x-2.0" | beta3 |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Simplenews Scheduler Project Search vendor "Simplenews Scheduler Project" | Simplenews Scheduler Search vendor "Simplenews Scheduler Project" for product "Simplenews Scheduler" | 6.x-2.0 Search vendor "Simplenews Scheduler Project" for product "Simplenews Scheduler" and version "6.x-2.0" | beta4 |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Simplenews Scheduler Project Search vendor "Simplenews Scheduler Project" | Simplenews Scheduler Search vendor "Simplenews Scheduler Project" for product "Simplenews Scheduler" | 6.x-2.1 Search vendor "Simplenews Scheduler Project" for product "Simplenews Scheduler" and version "6.x-2.1" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Simplenews Scheduler Project Search vendor "Simplenews Scheduler Project" | Simplenews Scheduler Search vendor "Simplenews Scheduler Project" for product "Simplenews Scheduler" | 6.x-2.2 Search vendor "Simplenews Scheduler Project" for product "Simplenews Scheduler" and version "6.x-2.2" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Simplenews Scheduler Project Search vendor "Simplenews Scheduler Project" | Simplenews Scheduler Search vendor "Simplenews Scheduler Project" for product "Simplenews Scheduler" | 6.x-2.3 Search vendor "Simplenews Scheduler Project" for product "Simplenews Scheduler" and version "6.x-2.3" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Simplenews Scheduler Project Search vendor "Simplenews Scheduler Project" | Simplenews Scheduler Search vendor "Simplenews Scheduler Project" for product "Simplenews Scheduler" | 6.x-2.x Search vendor "Simplenews Scheduler Project" for product "Simplenews Scheduler" and version "6.x-2.x" | dev |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|