CVE-2012-6065 - OpenCVE

The OM Maximenu module 6.x-1.43 and earlier for Drupal, when the "Title has PHP" option is enabled, allows remote authenticated users with the "Administer OM Maximenu" permission to execute arbitrary PHP code via a "Link Title," a different vulnerability than CVE-2012-5553.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Daniel Honrade	Om Maximenu
Drupal	Drupal

Configuration 1 [-]

AND

OR	cpe:2.3:a:daniel_honrade:om_maximenu::::::::
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.0:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.0:rc1::::::
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.0:rc2::::::
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.0:rc3::::::
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.0:rc4::::::
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.0:rc5::::::
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.0:rc6::::::
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.0:rc7::::::
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.1:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.2:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.3:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.4:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.5:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.6:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.7:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.8:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.9:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.10:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.11:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.12:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.13:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.14:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.15:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.16:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.17:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.18:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.19:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.20:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.21:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.22:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.23:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.24:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.25:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.26:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.27:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.28:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.29:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.30:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.31:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.32:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.33:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.34:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.35:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.36:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.37:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.38:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.39:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.40:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.41:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.42:::::::*
	cpe:2.3:a:daniel_honrade:om_maximenu:6.x-1.x:dev::::::

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://drupal.org/node/1834046
http://drupal.org/node/1834048
http://www.madirish.net/551

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-12-03T21:00:00Z

Updated: 2024-09-17T02:10:41.304Z

Reserved: 2012-12-03T00:00:00Z

Link: CVE-2012-6065

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2012-12-03T21:55:03.067

Modified: 2012-12-04T05:00:00.000

Link: CVE-2012-6065

Redhat

No data.

Metrics

Access Vector Network

Access Complexity High

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity High

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object