CyberSec.Space Logo
Back to CVE Browser

CVE-2012-5537

MEDIUM
6.0
CVSS Severity Score
EPSS Score0.0340%
EPSS Percentile17.67th
PublishedDec 3, 2012
Last ModifiedApr 29, 2026

Vulnerability Description

The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron.

Affected Platforms (CPE)

πŸ“¦
Simplenews Scheduler Project

Simplenews Scheduler

= 6.x-2.0
πŸ“¦
Simplenews Scheduler Project

Simplenews Scheduler

= 6.x-2.0
πŸ“¦
Simplenews Scheduler Project

Simplenews Scheduler

= 6.x-2.0
πŸ“¦
Simplenews Scheduler Project

Simplenews Scheduler

= 6.x-2.0
πŸ“¦
Simplenews Scheduler Project

Simplenews Scheduler

= 6.x-2.1
πŸ“¦
Simplenews Scheduler Project

Simplenews Scheduler

= 6.x-2.2
πŸ“¦
Simplenews Scheduler Project

Simplenews Scheduler

= 6.x-2.3
πŸ“¦
Simplenews Scheduler Project

Simplenews Scheduler

= 6.x-2.x

References & Advisories

πŸ”— http://drupal.org/node/1789274
πŸ”— http://drupal.org/node/1789284
πŸ”— http://www.openwall.com/lists/oss-security/2012/11/20/4
πŸ”— http://drupal.org/node/1789274
πŸ”— http://drupal.org/node/1789284
πŸ”— http://www.openwall.com/lists/oss-security/2012/11/20/4

Related Vulnerabilities

CVE-2012-525510.0

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 ...

CVE-2012-525610.0

Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11....

CVE-2012-280410.0

Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack ...

CVE-2012-525710.0

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 ...