The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-12-03T21:00:00Z

Updated: 2024-09-17T01:51:42.307Z

Reserved: 2012-10-24T00:00:00Z

Link: CVE-2012-5537

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2012-12-03T21:55:01.957

Modified: 2024-11-21T01:44:50.727

Link: CVE-2012-5537

cve-icon Redhat

No data.