Vulnerability Description
The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the "use PHP for settings" permission while importing settings, which allows remote authenticated users with certain permissions to execute arbitrary PHP code via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kristof De Jaeger | Bundle Copy | 7.x-1.0 |
| Drupal | Drupal | - |
Related Weaknesses (CWE)
References
- http://drupal.org/node/1506166 (Patch)
- http://drupal.org/node/1506420 (Patch, Vendor Advisory)
- http://drupalcode.org/project/bundle_copy.git/commit/299bdca
- http://osvdb.org/80676
- http://secunia.com/advisories/48626 (Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2012/04/07/1
- http://www.securityfocus.com/bid/52811
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74439
FAQ
What is CVE-2012-2073?
CVE-2012-2073 is a vulnerability with a CVSS score of 6.0 (MEDIUM). The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the "use PHP for settings" permission while importing settings, which allows remote authenticated users with certain permiss...
How severe is CVE-2012-2073?
CVE-2012-2073 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-2073?
Check the references section above for vendor advisories and patch information. Affected products include: Kristof De Jaeger Bundle Copy, Drupal Drupal.