CVE-2012-2073

{"id": "CVE-2012-2073", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-08-14T23:55:01.423", "references": [{"url": "http://drupal.org/node/1506166", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://drupal.org/node/1506420", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://drupalcode.org/project/bundle_copy.git/commit/299bdca", "source": "secalert@redhat.com"}, {"url": "http://osvdb.org/80676", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/48626", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/52811", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74439", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the \"use PHP for settings\" permission while importing settings, which allows remote authenticated users with certain permissions to execute arbitrary PHP code via unspecified vectors."}, {"lang": "es", "value": "El m\u00f3dulo de copia Bundle v7.x-1.x antes de v7.x-1.1 para Drupal no comprueba el permiso de uso de PHP para la configuraci\u00f3n ('use PHP for settings') cuando importa una configuraci\u00f3n, lo que permite ejecutar c\u00f3digo PHP de su elecci\u00f3n a usuarios remotos autenticados con determinados permisos a trav\u00e9s de vectores no especificados.\r\n"}], "lastModified": "2017-08-29T01:31:28.930", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kristof_de_jaeger:bundle_copy:7.x-1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "440C7474-3DA7-4DED-8D48-02B92BB456B6"}, {"criteria": "cpe:2.3:a:kristof_de_jaeger:bundle_copy:7.x-1.x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1272D313-8A8C-4599-9620-CA0D5371BA88"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secalert@redhat.com"}