Lucene search
HistoryOct 03, 2022 - 4:15 p.m.
CVE-2012-5543
cve-2012-5543
feeds module
drupal
remote attackers
arbitrary nodes
permission issue
nvd
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
7 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
55.2%
The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a field is mapped to the node’s author, does not properly check permissions, which allows remote attackers to create arbitrary nodes via a crafted source feed.
Affected configurations
Node
feeds_projectfeedsMatch7.x-2.0alpha1
ORfeeds_projectfeedsMatch7.x-2.0alpha2
ORfeeds_projectfeedsMatch7.x-2.0alpha3
ORfeeds_projectfeedsMatch7.x-2.0alpha4
ORfeeds_projectfeedsMatch7.x-2.0alpha5
ORfeeds_projectfeedsMatch7.x-2.x
drupaldrupalMatch-
| CPE | Name | Operator | Version |
|---|---|---|---|
| feeds_project:feeds | feeds project feeds | eq | 7.x-2.0 |
| feeds_project:feeds | feeds project feeds | eq | 7.x-2.x |
Related
cvelist
cvelist
CVE-2012-5543
2022-10-03 16:15:31
nvd
nvd
CVE-2012-5543
2012-12-03 21:55:02
drupal
drupal
SA-CONTRIB-2012-152 - Feeds - Access bypass
2012-10-10 00:00:00
prion
prion
Code injection
2012-12-03 21:55:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
7 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
55.2%
Related for CVE-2012-5543