Vulnerability Description
The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a field is mapped to the node's author, does not properly check permissions, which allows remote attackers to create arbitrary nodes via a crafted source feed.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Feeds Project | Feeds | 7.x-2.0 |
| Drupal | Drupal | - |
Related Weaknesses (CWE)
References
- http://drupal.org/node/1808832 (Patch, Vendor Advisory)
- http://drupalcode.org/project/feeds.git/commitdiff/a538c20
- http://www.openwall.com/lists/oss-security/2012/11/20/4
FAQ
What is CVE-2012-5543?
CVE-2012-5543 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a field is mapped to the node's author, does not properly check permissions, which allows remote attackers to create arbitrary nodes via...
How severe is CVE-2012-5543?
CVE-2012-5543 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-5543?
Check the references section above for vendor advisories and patch information. Affected products include: Feeds Project Feeds, Drupal Drupal.