CVE-2012-1625

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2012-1625
Eval injection vulnerability in the fillpdf_form_export_decode function in fillpdf.admin.inc in the Fill PDF module 6.x-1.x before 6.x-1.16 and 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with administer PDFs privileges to execute arbitrary PHP code via unspecified vectors. NOTE: Some of these details are obtained from third party information.

6.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability : 6.8 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://drupal.org/node/1394428 Patch Vendor Advisory
http://osvdb.org/78182
http://www.openwall.com/lists/oss-security/2012/04/07/1
http://secunia.com/advisories/47418 Vendor Advisory
http://www.securityfocus.com/bid/51288
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.15:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.14:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.1:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.0:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.x:dev:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:7.x-1.:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.9:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.8:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.7:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.6:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.12:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:7.x-1.1:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.11:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:7.x-1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.2:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.3:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.13:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.4:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:7.x-1.x:dev:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.5:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:7.x-1.0:beta2:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:6.x-1.10:*:*:*:*:*:*:*
cpe:2.3:a:wizonesolutions:fillpdf:7.x-1.0:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*
Information

Published : 2012-09-19 20:46

Updated : 2012-09-20 11:12

NVD link : CVE-2012-1625

Mitre link : CVE-2012-1625

JSON object : View

CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')

Advertisement

dedicated server usa
Products Affected

drupal

  • drupal

wizonesolutions

  • fillpdf