RSS   Vulnerabilities for 'Simplenews scheduler'   RSS

2012-12-03
 
CVE-2012-5537

CWE-94
 

 
The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron.

 


Copyright 2024, cxsecurity.com

 

Back to Top