Unrated severityNVD Advisory· Published Aug 14, 2012· Updated Jun 16, 2026
CVE-2012-2073
CVE-2012-2073
Description
The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the "use PHP for settings" permission while importing settings, which allows remote authenticated users with certain permissions to execute arbitrary PHP code via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:kristof_de_jaeger:bundle_copy:7.x-1.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:kristof_de_jaeger:bundle_copy:7.x-1.0:*:*:*:*:*:*:*
- cpe:2.3:a:kristof_de_jaeger:bundle_copy:7.x-1.x:*:*:*:*:*:*:*
- Range: <7.x-1.1
Patches
Vulnerability mechanics
References
8- drupal.org/node/1506166nvdPatch
- drupal.org/node/1506420nvdPatchVendor Advisory
- secunia.com/advisories/48626nvdVendor Advisory
- drupalcode.org/project/bundle_copy.git/commit/299bdcanvd
- osvdb.org/80676nvd
- www.openwall.com/lists/oss-security/2012/04/07/1nvd
- www.securityfocus.com/bid/52811nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/74439nvd
News mentions
0No linked articles in our index yet.