CyberSec.Space Logo
CVEブラウザに戻る

CVE-2012-5537

MEDIUM
6.0
CVSS Severity Score
EPSS Score0.0340%
EPSS Percentile17.67th
Published2012年12月3日
Last Modified2026年4月29日

Vulnerability Description

The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron.

Affected Platforms (CPE)

📦
Simplenews Scheduler Project

Simplenews Scheduler

= 6.x-2.0
📦
Simplenews Scheduler Project

Simplenews Scheduler

= 6.x-2.0
📦
Simplenews Scheduler Project

Simplenews Scheduler

= 6.x-2.0
📦
Simplenews Scheduler Project

Simplenews Scheduler

= 6.x-2.0
📦
Simplenews Scheduler Project

Simplenews Scheduler

= 6.x-2.1
📦
Simplenews Scheduler Project

Simplenews Scheduler

= 6.x-2.2
📦
Simplenews Scheduler Project

Simplenews Scheduler

= 6.x-2.3
📦
Simplenews Scheduler Project

Simplenews Scheduler

= 6.x-2.x

References & Advisories

🔗 http://drupal.org/node/1789274
🔗 http://drupal.org/node/1789284
🔗 http://www.openwall.com/lists/oss-security/2012/11/20/4
🔗 http://drupal.org/node/1789274
🔗 http://drupal.org/node/1789284
🔗 http://www.openwall.com/lists/oss-security/2012/11/20/4

関連する脆弱性情報

CVE-2012-280110.0

Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unkn...

CVE-2012-280210.0

Unspecified vulnerability in the ac3_decode_frame function in libavcodec/ac3dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8...

CVE-2012-280010.0

Unspecified vulnerability in the ff_ivi_process_empty_tile function in libavcodec/ivi_common.c in FFmpeg before 0.11, and Libav 0....

CVE-2012-280310.0

Double free vulnerability in the mpeg_decode_frame function in libavcodec/mpeg12.c in FFmpeg before 0.11, and Libav 0.7.x before 0...