Vulnerabilities > CVE-2012-2067 - Remote Security vulnerability in Fckeditor

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

ckeditor

drupal

NVD

Published: 2012-09-05

Updated: 2017-08-29

Summary

Unspecified vulnerability in the CKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal, when the core PHP module is enabled, allows remote authenticated users or remote attackers to execute arbitrary PHP code via the text parameter to a text filter. NOTE: some of these details are obtained from third party information. Per http://drupal.org/node/1482528 the versions affected are "FCKeditor 6.x-2.x versions prior to 6.x-2.3, CKEditor 6.x-1.x versions prior to 6.x-1.9, and CKEditor 7.x-1.x versions prior to 7.x-1.7."

Vulnerable Configurations

Part	Description	Count
Application	Ckeditor Ckeditor Fckeditor 6.X-1.1 Ckeditor Fckeditor 6.X-1.2 Ckeditor Fckeditor 6.X-1.2-1 Ckeditor Fckeditor 6.X-1.3 Ckeditor Fckeditor 6.X-1.4 Ckeditor Fckeditor 6.X-1.X Ckeditor Fckeditor 6.X-2.0 Ckeditor Fckeditor 6.X-2.1 Ckeditor Fckeditor 6.X-2.2 Ckeditor Fckeditor 6.X-2.3 Ckeditor Fckeditor 6.X-2.X Ckeditor Ckeditor 6.X-1.0 Ckeditor Ckeditor 6.X-1.1 Ckeditor Ckeditor 6.X-1.2 Ckeditor Ckeditor 6.X-1.3 Ckeditor Ckeditor 6.X-1.4 Ckeditor Ckeditor 6.X-1.5 Ckeditor Ckeditor 6.X-1.6 Ckeditor Ckeditor 6.X-1.7 Ckeditor Ckeditor 6.X-1.X Ckeditor Ckeditor 7.X-1.0 Ckeditor Ckeditor 7.X-1.1 Ckeditor Ckeditor 7.X-1.2 Ckeditor Ckeditor 7.X-1.3 Ckeditor Ckeditor 7.X-1.4 Ckeditor Ckeditor 7.X-1.5 Ckeditor Ckeditor 7.X-1.6 Ckeditor Ckeditor 7.X-1.X	54
Application	Drupal Drupal Drupal -	1

Summary

Vulnerable Configurations

References