CVE Daily

CVE-2012-5543

The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a field is mappe...

Medium CVSS 4.3

Overview

The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a field is mapped to the node's author, does not properly check permissions, which allows remote attackers to create arbitrary nodes via a crafted source feed.

CWE: CWE-264 Published: 2012-12-03T21:55:02.237
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 4.3 (MEDIUM)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags