QwikSec

Security Database

CVE

CWE

Training

CVE-2012-1641

Published: Aug 28, 2012

Modified: Sep 16, 2024

PUBLISHED

Description

The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://drupal.org/node/1432320

x_refsource_CONFIRM

vdb-entry

x_refsource_OSVDB

http://drupal.org/node/1432318

x_refsource_CONFIRM

[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017

mailing-list

x_refsource_MLIST

http://drupalcode.org/project/finder.git/commit/bc0cc82

x_refsource_CONFIRM

[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017

mailing-list

x_refsource_MLIST

http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities

x_refsource_MISC

[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)

mailing-list

x_refsource_MLIST

https://drupal.org/node/1432970

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.