The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2012-12-03T21:00:00Z
Updated: 2024-09-17T01:51:42.307Z
Reserved: 2012-10-24T00:00:00Z
Link: CVE-2012-5537
Vulnrichment
No data.
NVD
Status : Modified
Published: 2012-12-03T21:55:01.957
Modified: 2024-11-21T01:44:50.727
Link: CVE-2012-5537
Redhat
No data.