CVE-2012-5543 in Feeds
Summary
by MITRE
The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a field is mapped to the node s author, does not properly check permissions, which allows remote attackers to create arbitrary nodes via a crafted source feed.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 03/17/2019
The vulnerability described in CVE-2012-5543 affects the Feeds module version 7.x-2.x prior to 7.x-2.0-alpha6 in the Drupal content management system. This represents a critical permission bypass flaw that fundamentally undermines the security model of Drupal's node creation mechanisms. The Feeds module serves as a powerful tool for importing content from external sources into Drupal sites, making it a common and essential component in many web applications. When a field mapping configuration is established to associate imported content with a node's author, the module fails to enforce proper access controls during the import process.
The technical flaw stems from inadequate permission validation within the Feeds module's node creation workflow. Specifically, when processing feeds that contain mapped author fields, the system does not verify whether the importing user possesses the necessary privileges to assign content to specific authors or create nodes with arbitrary authorship. This oversight creates a scenario where unauthorized users can manipulate the author field values during feed processing, effectively allowing them to create nodes that appear to originate from legitimate user accounts. The vulnerability operates at the intersection of configuration-based field mapping and access control enforcement, exploiting a gap in the module's validation logic.
The operational impact of this vulnerability is significant and far-reaching for Drupal installations utilizing the Feeds module. Remote attackers can leverage this weakness to generate arbitrary nodes with spoofed authorship, potentially leading to content injection attacks, spam propagation, or unauthorized content creation. This capability enables malicious actors to bypass normal content moderation workflows and user permission systems, undermining the integrity of the content management platform. The vulnerability particularly affects sites where feed import functionality is exposed to untrusted users or where administrative privileges are not properly restricted during the import process. Attackers could use this vulnerability to create malicious content that appears to come from trusted administrators, potentially leading to social engineering attacks or reputation damage.
The vulnerability aligns with CWE-285, which addresses improper authorization issues, and demonstrates characteristics consistent with ATT&CK technique T1078 for valid accounts and T1566 for phishing with social engineering. Organizations should immediately apply the patch available in Feeds module version 7.x-2.0-alpha6 or later, which implements proper permission checking for author field mappings. Additionally, administrators should review and restrict feed import capabilities to trusted users only, implement proper input validation for feed data, and monitor node creation activities for suspicious patterns. Network segmentation and access control measures should be enforced to limit exposure of feed import endpoints, while regular security audits should verify that field mappings do not inadvertently bypass authorization checks. The fix addresses the core issue by ensuring that all author field assignments undergo proper permission validation before node creation occurs, thereby restoring the expected security boundaries within the Drupal platform.