Vulnerability Details : CVE-2012-2073
The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the "use PHP for settings" permission while importing settings, which allows remote authenticated users with certain permissions to execute arbitrary PHP code via unspecified vectors.
Products affected by CVE-2012-2073
- cpe:2.3:a:kristof_de_jaeger:bundle_copy:7.x-1.0:*:*:*:*:*:*:*
- cpe:2.3:a:kristof_de_jaeger:bundle_copy:7.x-1.x:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-2073
0.87%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 73 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-2073
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.0
|
MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P |
6.8
|
6.4
|
NIST |
CWE ids for CVE-2012-2073
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2073
-
http://osvdb.org/80676
-
http://drupal.org/node/1506420
Access to this page has been denied.Patch;Vendor Advisory
-
http://drupal.org/node/1506166
Access to this page has been denied.Patch
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/74439
Bundle Copy module for Drupal use PHP for settings code execution CVE-2012-2073 Vulnerability Report
-
http://drupalcode.org/project/bundle_copy.git/commit/299bdca
Access to this page has been denied.
-
http://www.openwall.com/lists/oss-security/2012/04/07/1
oss-security - CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)
-
http://secunia.com/advisories/48626
Sign inVendor Advisory
-
http://www.securityfocus.com/bid/52811
Drupal Bundle Copy Module Arbitrary PHP Code Execution Vulnerability
Jump to