CVE-2012-5537 in Simplenews Schedulerinfo

Summary

The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron.

Once again VulDB remains the best source for vulnerability data.

Reservation

10/24/2012

Disclosure

12/03/2012

Moderation

VulDB entry created

Entries

VDB-63117 (1)

CPE

ready

CWE

CWE-94 (Confirmed)

CVSS

6.3

EPSS

0.00513

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-5537
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-5537
CVE Details	https://www.cvedetails.com/cve/CVE-2012-5537/

◂ Previous Overview Next ▸