CVE-2012-1641 - Vulnerability Details

The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Danielb	Finder
Drupal	Drupal

Configuration 1 [-]

AND

OR	cpe:2.3:a:danielb:finder:6.x-1.0:::::::*
	cpe:2.3:a:danielb:finder:6.x-1.0:alpha1::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:alpha10::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:alpha11::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:alpha12::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:alpha13::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:alpha14::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:alpha15::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:alpha16::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:alpha17::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:alpha18::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:alpha19::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:alpha2::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:alpha20::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:alpha21::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:alpha22::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:alpha23::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:alpha24::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:alpha25::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:alpha26::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:alpha27::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:alpha28::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:alpha3::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:alpha4::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:alpha5::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:alpha6::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:alpha7::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:alpha8::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:alpha9::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:beta1::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:beta2::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:beta3::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:rc1::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:rc2::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:rc3::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:rc4::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:unstable0::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:unstable1::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:unstable2::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:unstable3::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:unstable4::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:unstable5::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:unstable6::::::
	cpe:2.3:a:danielb:finder:6.x-1.0:unstable7::::::
	cpe:2.3:a:danielb:finder:6.x-1.1:::::::*
	cpe:2.3:a:danielb:finder:6.x-1.2:::::::*
	cpe:2.3:a:danielb:finder:6.x-1.3:::::::*
	cpe:2.3:a:danielb:finder:6.x-1.4:::::::*
	cpe:2.3:a:danielb:finder:6.x-1.5:::::::*
	cpe:2.3:a:danielb:finder:6.x-1.6:::::::*
	cpe:2.3:a:danielb:finder:6.x-1.7:::::::*
	cpe:2.3:a:danielb:finder:6.x-1.8:::::::*
	cpe:2.3:a:danielb:finder:6.x-1.9:::::::*
	cpe:2.3:a:danielb:finder:6.x-1.10:::::::*
	cpe:2.3:a:danielb:finder:6.x-1.11:::::::*
	cpe:2.3:a:danielb:finder:6.x-1.12:::::::*
	cpe:2.3:a:danielb:finder:6.x-1.13:::::::*
	cpe:2.3:a:danielb:finder:6.x-1.14:::::::*
	cpe:2.3:a:danielb:finder:6.x-1.15:::::::*
	cpe:2.3:a:danielb:finder:6.x-1.16:::::::*
	cpe:2.3:a:danielb:finder:6.x-1.17:::::::*
	cpe:2.3:a:danielb:finder:6.x-1.18:::::::*
	cpe:2.3:a:danielb:finder:6.x-1.19:::::::*
	cpe:2.3:a:danielb:finder:6.x-1.20:::::::*
cpe:2.3:a:danielb:finder:6.x-1.21:::::::*
cpe:2.3:a:danielb:finder:6.x-1.23:::::::*
cpe:2.3:a:danielb:finder:6.x-1.24:::::::*
cpe:2.3:a:danielb:finder:6.x-1.x-dev:::::::*
cpe:2.3:a:danielb:finder:7.x-1.0:::::::*
cpe:2.3:a:danielb:finder:7.x-1.1:::::::*
cpe:2.3:a:danielb:finder:7.x-1.2:::::::*
cpe:2.3:a:danielb:finder:7.x-1.3:::::::*
cpe:2.3:a:danielb:finder:7.x-1.4:::::::*
cpe:2.3:a:danielb:finder:7.x-1.5:::::::*
cpe:2.3:a:danielb:finder:7.x-1.6:::::::*
cpe:2.3:a:danielb:finder:7.x-1.x:dev::::::
cpe:2.3:a:danielb:finder:7.x-2.0:alpha1::::::
cpe:2.3:a:danielb:finder:7.x-2.0:alpha2::::::
cpe:2.3:a:danielb:finder:7.x-2.0:alpha3::::::
cpe:2.3:a:danielb:finder:7.x-2.0:alpha4::::::
cpe:2.3:a:danielb:finder:7.x-2.0:alpha5::::::
cpe:2.3:a:danielb:finder:7.x-2.0:alpha6::::::
cpe:2.3:a:danielb:finder:7.x-2.x:dev::::::

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://drupal.org/node/1432318
http://drupal.org/node/1432320
http://drupalcode.org/project/finder.git/commit/bc0cc82
http://secunia.com/advisories/47915
http://secunia.com/advisories/47943
http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities
http://www.openwall.com/lists/oss-security/2012/03/16/9
http://www.openwall.com/lists/oss-security/2012/03/19/9
http://www.openwall.com/lists/oss-security/2012/04/07/1
http://www.osvdb.org/79014
https://drupal.org/node/1432970

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-08-28T16:00:00Z

Updated: 2024-09-16T17:48:22.805Z

Reserved: 2012-03-12T00:00:00Z

Link: CVE-2012-1641

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-08-28T17:55:03.170

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-1641

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-08-28T16:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/1432320"}, {"name": "79014", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/79014"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/1432318"}, {"name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupalcode.org/project/finder.git/commit/bc0cc82"}, {"name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"}, {"tags": ["x_refsource_MISC"], "url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"}, {"name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"}, {"tags": ["x_refsource_MISC"], "url": "https://drupal.org/node/1432970"}, {"name": "47943", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/47943"}, {"name": "47915", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/47915"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-1641", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://drupal.org/node/1432320", "refsource": "CONFIRM", "url": "http://drupal.org/node/1432320"}, {"name": "79014", "refsource": "OSVDB", "url": "http://www.osvdb.org/79014"}, {"name": "http://drupal.org/node/1432318", "refsource": "CONFIRM", "url": "http://drupal.org/node/1432318"}, {"name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"}, {"name": "http://drupalcode.org/project/finder.git/commit/bc0cc82", "refsource": "CONFIRM", "url": "http://drupalcode.org/project/finder.git/commit/bc0cc82"}, {"name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"}, {"name": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities", "refsource": "MISC", "url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"}, {"name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"}, {"name": "https://drupal.org/node/1432970", "refsource": "MISC", "url": "https://drupal.org/node/1432970"}, {"name": "47943", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47943"}, {"name": "47915", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47915"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:01:02.839Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/1432320"}, {"name": "79014", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/79014"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/1432318"}, {"name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupalcode.org/project/finder.git/commit/bc0cc82"}, {"name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"}, {"name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://drupal.org/node/1432970"}, {"name": "47943", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/47943"}, {"name": "47915", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/47915"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-1641", "datePublished": "2012-08-28T16:00:00Z", "dateReserved": "2012-03-12T00:00:00Z", "dateUpdated": "2024-09-16T17:48:22.805Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "ECAB5556-2D6A-4724-8A8C-33A9A56CAB2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "ABC2F8E7-8831-4245-AC98-B6E9BDD5BFE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:alpha10:*:*:*:*:*:*", "matchCriteriaId": "CA4D18A4-7BE0-429D-92F4-9D36AF0B544B", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:alpha11:*:*:*:*:*:*", "matchCriteriaId": "EC31DF6C-43DC-4D14-9652-131E1F6D6087", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:alpha12:*:*:*:*:*:*", "matchCriteriaId": "6C710A9C-492C-420B-846C-88915EC81EFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:alpha13:*:*:*:*:*:*", "matchCriteriaId": "63B0B97E-8B43-4C04-9CD2-62227946189A", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:alpha14:*:*:*:*:*:*", "matchCriteriaId": "D5CB5802-F368-4F45-91F6-5BF7EADD33CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:alpha15:*:*:*:*:*:*", "matchCriteriaId": "F63A4E57-90ED-4B43-AA57-039A07C3BF7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:alpha16:*:*:*:*:*:*", "matchCriteriaId": "6A8E9D3A-0C79-4650-B403-8F0A286E66E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:alpha17:*:*:*:*:*:*", "matchCriteriaId": "959616EB-EFC3-409B-973F-6F7FE30C0741", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:alpha18:*:*:*:*:*:*", "matchCriteriaId": "F7154E41-8216-4561-90F2-F8FD7713CE4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:alpha19:*:*:*:*:*:*", "matchCriteriaId": "601A9856-5A88-4DE1-B751-FA9320806100", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "6D7FA592-38C3-40CE-B6D0-B6511C497E41", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:alpha20:*:*:*:*:*:*", "matchCriteriaId": "5D802E6B-2B2B-4703-90BC-B2E0DD0E8012", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:alpha21:*:*:*:*:*:*", "matchCriteriaId": "3C41609E-4A2B-44F9-9F74-B29BF3628EBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:alpha22:*:*:*:*:*:*", "matchCriteriaId": "70ED9990-E62B-4F7A-8756-850208DECF3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:alpha23:*:*:*:*:*:*", "matchCriteriaId": "5F3C452B-D50D-4F28-8253-9E48365654F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:alpha24:*:*:*:*:*:*", "matchCriteriaId": "EE503058-798A-44F7-8705-027C9C05390D", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:alpha25:*:*:*:*:*:*", "matchCriteriaId": "6704B28D-77D1-4718-AD73-570E0F449D9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:alpha26:*:*:*:*:*:*", "matchCriteriaId": "854B028B-C6BD-4D20-9A27-306CE1B7A696", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:alpha27:*:*:*:*:*:*", "matchCriteriaId": "FC0F76F3-47EB-472D-8822-C4F62455E193", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:alpha28:*:*:*:*:*:*", "matchCriteriaId": "D14A7373-21DA-4A75-BCE6-3655237EA80B", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "C8671C56-AE42-427A-B916-99BC2B605F21", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "F67B2F3C-2546-4262-8FE0-91FE9652CDC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "BD1B7808-8DF0-4ED9-A189-DB23ECFD2B40", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:alpha6:*:*:*:*:*:*", "matchCriteriaId": "28E9C8B4-C62E-415A-A819-ABB4594C32DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:alpha7:*:*:*:*:*:*", "matchCriteriaId": "2B1748F1-DE07-4914-AB65-F5ED73E5A388", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:alpha8:*:*:*:*:*:*", "matchCriteriaId": "FB86F180-7B28-47BB-B964-13AD6BCA0BE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:alpha9:*:*:*:*:*:*", "matchCriteriaId": "6BDC5314-5AF9-4C99-B296-631AC133C3B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "932C3C72-A9B9-4CA6-8A63-5CBD21080FBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "1DA7DA76-BC39-4589-BDAA-A2BFC9154A94", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "F187D4E5-9220-49F9-B8B3-ACF0D46E4269", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "91C9EAE1-EF5D-43EC-8B5B-7BA7567E35C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "59968AC8-FE0B-40DF-91E1-450EBD52A406", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "38A06CDF-2037-414E-A4AE-E11D2567DFE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "765AC4DC-DF43-41C1-8BDB-9F2A066B8B4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:unstable0:*:*:*:*:*:*", "matchCriteriaId": "60E03E68-97F5-41DB-82F5-11A04DEB3D46", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:unstable1:*:*:*:*:*:*", "matchCriteriaId": "227BB15A-6B03-49A7-9EEC-F858133093AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:unstable2:*:*:*:*:*:*", "matchCriteriaId": "DF5F6248-FF35-4D11-AD09-9DC7B0A10CB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:unstable3:*:*:*:*:*:*", "matchCriteriaId": "A2A674B0-0A7A-4656-8E06-81C6535F1836", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:unstable4:*:*:*:*:*:*", "matchCriteriaId": "1F097AE3-6F40-499E-9735-2C1247D35FDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:unstable5:*:*:*:*:*:*", "matchCriteriaId": "5AD1CE80-0912-4779-AD8C-196847DE6DAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:unstable6:*:*:*:*:*:*", "matchCriteriaId": "8F0C9F57-A9B9-4E72-AFB8-011F7018600A", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.0:unstable7:*:*:*:*:*:*", "matchCriteriaId": "1E12F832-D8E5-4433-9BFD-4B8FC8F803B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "EF325929-15E9-4CE6-BAD7-9685A6DD350A", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0DA87F37-0629-4700-A864-43DE48FFDF06", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6A1C3EA1-656B-4E64-8057-E4FA1ED48BBE", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D561F6AD-1025-4CB1-8C89-15EE00D1780E", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.5:*:*:*:*:*:*:*", "matchCriteriaId": "9B238BF6-95CC-4225-808F-EC564722D714", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.6:*:*:*:*:*:*:*", "matchCriteriaId": "0C4696C0-CAE6-4DA8-982F-D69508EBF885", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.7:*:*:*:*:*:*:*", "matchCriteriaId": "69F7E6CD-F36E-4940-818B-14B0553DE6BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.8:*:*:*:*:*:*:*", "matchCriteriaId": "A11B39CD-79B6-45D9-B74F-119F1ECADBAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.9:*:*:*:*:*:*:*", "matchCriteriaId": "629C326F-3083-4B54-8B8F-CB3ADDB86697", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.10:*:*:*:*:*:*:*", "matchCriteriaId": "400B9BD7-526F-4262-9C15-A62EEAC398AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.11:*:*:*:*:*:*:*", "matchCriteriaId": "58331DD3-9F51-425F-B9CC-E6CD5098730A", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.12:*:*:*:*:*:*:*", "matchCriteriaId": "E70BA3DC-29D2-4B5D-AB77-F671C7096F60", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.13:*:*:*:*:*:*:*", "matchCriteriaId": "6D5F259A-70DC-4B86-BDD1-BF9769D09278", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.14:*:*:*:*:*:*:*", "matchCriteriaId": "7EA6D683-62E9-45D7-B976-BA95A572D66A", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.15:*:*:*:*:*:*:*", "matchCriteriaId": "5F773036-717B-4C9E-96AE-C53A4AD96412", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.16:*:*:*:*:*:*:*", "matchCriteriaId": "DC29EDE4-EB3E-4D55-A9F9-0E3EDAD3AEC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.17:*:*:*:*:*:*:*", "matchCriteriaId": "FD9A8C3A-3333-4FA0-9062-2A32CECF7EC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.18:*:*:*:*:*:*:*", "matchCriteriaId": "7F0745EC-1BFA-436A-932B-E2F37D0751C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.19:*:*:*:*:*:*:*", "matchCriteriaId": "4B457A70-D5CF-40D5-AE1D-C9FA2641C267", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.20:*:*:*:*:*:*:*", "matchCriteriaId": "FD002F99-26D4-4CB1-8671-3DB5A7BFFA72", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.21:*:*:*:*:*:*:*", "matchCriteriaId": "9CD0B4E2-335D-40D3-842B-2DFD37473CD7", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.23:*:*:*:*:*:*:*", "matchCriteriaId": "C0761F17-D755-4D69-9E11-EC069C8E7320", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.24:*:*:*:*:*:*:*", "matchCriteriaId": "01CC175F-60EA-4747-B2BA-EE6F27256095", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:6.x-1.x-dev:*:*:*:*:*:*:*", "matchCriteriaId": "8738229B-A0E2-4F6A-873C-10F852C5B670", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:7.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "BDE8A932-C637-43A8-ACA2-3465A700D50D", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:7.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E811DDE5-C168-4458-9238-CD581A0DCDC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:7.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C2F513BF-9AF4-469B-BC10-CAA04F6E53FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:7.x-1.3:*:*:*:*:*:*:*", "matchCriteriaId": "08839998-1373-4900-8A5D-31739F690587", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:7.x-1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E7433E00-08F8-473E-8091-A7907983778F", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:7.x-1.5:*:*:*:*:*:*:*", "matchCriteriaId": "2A2E062F-8CC4-4EBE-A628-963C3CB325BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:7.x-1.6:*:*:*:*:*:*:*", "matchCriteriaId": "B2C414FE-8E57-4F51-92BE-A73D5B087132", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:7.x-1.x:dev:*:*:*:*:*:*", "matchCriteriaId": "A3678827-41F8-4190-9B3A-1FB244681D82", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:7.x-2.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "0A645395-F59B-44A3-B7D8-3DB4C69A890D", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:7.x-2.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "914F133C-D035-4481-9868-BBF264FE1344", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:7.x-2.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "48127582-98BA-41EA-9701-2EF78919624B", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:7.x-2.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "E0CF6C6A-AF5A-4DC5-9A55-2361A6776CD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:7.x-2.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "33FF98EE-F5BA-44B1-A2AF-32182A0788B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:7.x-2.0:alpha6:*:*:*:*:*:*", "matchCriteriaId": "144724D3-4DFD-4882-A146-2B9207AC950C", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:finder:7.x-2.x:dev:*:*:*:*:*:*", "matchCriteriaId": "07907C37-E6E2-4B85-B209-6C474F349762", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import."}, {"lang": "es", "value": "La funci\u00f3n finder_import en el m\u00f3dulo Finder \r\nv6.x-1.x anterior a v6.x-1.26, v7.x-1.x, y v7.x-2.x anterior a v7.x-2.0-alpha8 para Drupal permite a usuarios remotos autenticados con permisos de administraci\u00f3n del finder ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s de admin/build/finder/import."}], "id": "CVE-2012-1641", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-08-28T17:55:03.170", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://drupal.org/node/1432318"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://drupal.org/node/1432320"}, {"source": "secalert@redhat.com", "url": "http://drupalcode.org/project/finder.git/commit/bc0cc82"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/47915"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/47943"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/79014"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://drupal.org/node/1432970"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://drupal.org/node/1432318"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://drupal.org/node/1432320"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://drupalcode.org/project/finder.git/commit/bc0cc82"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/47915"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/47943"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/79014"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://drupal.org/node/1432970"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object