Vulnerability Details CVE-2012-5537
The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.6%
CVSS Severity
CVSS v2 Score 6.0
References
Products affected by CVE-2012-5537
-
cpe:2.3:a:drupal:drupal:-
-
cpe:2.3:a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.0
-
cpe:2.3:a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.1
-
cpe:2.3:a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.2
-
cpe:2.3:a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.3
-
cpe:2.3:a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.x