The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the "use PHP for settings" permission while importing settings, which allows remote authenticated users with certain permissions to execute arbitrary PHP code via unspecified vectors.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2012-08-14T23:00:00
Updated: 2024-08-06T19:17:27.836Z
Reserved: 2012-04-04T00:00:00
Link: CVE-2012-2073
Vulnrichment
No data.
NVD
Status : Modified
Published: 2012-08-14T23:55:01.423
Modified: 2024-11-21T01:38:26.283
Link: CVE-2012-2073
Redhat
No data.