Unrated severityNVD Advisory· Published Dec 3, 2012· Updated Apr 29, 2026

CVE-2012-5537

Description

The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron.

Affected products

Simplenews Scheduler Project/Simplenews Scheduler8 versions
cpe:2.3:a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.0:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.0:*:*:*:*:*:*:*
- cpe:2.3:a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.1:*:*:*:*:*:*:*
- cpe:2.3:a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.2:*:*:*:*:*:*:*
- cpe:2.3:a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.3:*:*:*:*:*:*:*
- cpe:2.3:a:simplenews_scheduler_project:simplenews_scheduler:6.x-2.x:dev:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

drupal.org/node/1789274nvdPatch
drupal.org/node/1789284nvdPatchVendor Advisory
www.openwall.com/lists/oss-security/2012/11/20/4nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000