Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6
CVSSv2

CVE-2012-1641

Published: 28/08/2012 Updated: 29/08/2012
CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8
VMScore: 534
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Subscribe to Danielb

Vulnerability Summary

The finder_import function in the Finder module 6.x-1.x prior to 6.x-1.26, 7.x-1.x, and 7.x-2.x prior to 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import.

Vulnerable Product Search on Vulmon Subscribe to Product

danielb finder 6.x-1.16

danielb finder 6.x-1.15

danielb finder 6.x-1.14

danielb finder 6.x-1.13

danielb finder 6.x-1.0

danielb finder 7.x-1.4

danielb finder 7.x-1.5

danielb finder 7.x-1.6

danielb finder 7.x-2.x

danielb finder 7.x-2.0

danielb finder 6.x-1.20

danielb finder 6.x-1.18

danielb finder 6.x-1.11

danielb finder 6.x-1.9

danielb finder 6.x-1.4

danielb finder 6.x-1.2

danielb finder 7.x-1.0

danielb finder 7.x-1.2

danielb finder 6.x-1.24

danielb finder 6.x-1.23

danielb finder 6.x-1.8

danielb finder 6.x-1.7

danielb finder 6.x-1.6

danielb finder 6.x-1.5

danielb finder 6.x-1.x-dev

danielb finder 7.x-1.x

danielb finder 6.x-1.21

danielb finder 6.x-1.19

danielb finder 6.x-1.17

danielb finder 6.x-1.12

danielb finder 6.x-1.10

danielb finder 6.x-1.3

danielb finder 6.x-1.1

danielb finder 7.x-1.1

danielb finder 7.x-1.3

References

CWE-264http://secunia.com/advisories/47915https://drupal.org/node/1432970http://www.osvdb.org/79014http://drupalcode.org/project/finder.git/commit/bc0cc82http://secunia.com/advisories/47943http://www.openwall.com/lists/oss-security/2012/04/07/1http://drupal.org/node/1432318http://www.openwall.com/lists/oss-security/2012/03/16/9http://drupal.org/node/1432320http://www.openwall.com/lists/oss-security/2012/03/19/9http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilitieshttps://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook