Simplenews Scheduler Project: Security Vulnerabilities
The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron.
CVSS Score
6.0
EPSS Score
0.005
Published
2012-12-03