CVE-2012-5007 - OpenCVE

The Fill PDF module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to write to arbitrary PDF files via unspecified vectors related to the fillpdf_merge_pdf function and incorrect arguments, a different vulnerability than CVE-2012-1625. NOTE: some of these details are obtained from third party information.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Wizonesolutions	Fillpdf
Drupal	Drupal

Configuration 1 [-]

AND

OR	cpe:2.3:a:wizonesolutions:fillpdf:7.x-1.:::::::*
	cpe:2.3:a:wizonesolutions:fillpdf:7.x-1.0:::::::*
	cpe:2.3:a:wizonesolutions:fillpdf:7.x-1.0:beta1::::::
	cpe:2.3:a:wizonesolutions:fillpdf:7.x-1.0:beta2::::::
	cpe:2.3:a:wizonesolutions:fillpdf:7.x-1.1:::::::*
	cpe:2.3:a:wizonesolutions:fillpdf:7.x-1.x:dev::::::

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

References

Link	Resource
http://drupal.org/node/1394428	Patch Vendor Advisory
http://osvdb.org/78181
http://secunia.com/advisories/47418	Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/04/07/1
http://www.securityfocus.com/bid/51288

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:15:31

Updated: 2022-10-03T16:15:31

Reserved: 2022-10-03T00:00:00

Link: CVE-2012-5007

JSON object: View

NVD Information

Status : Analyzed

Published: 2012-09-20T03:46:36.490

Modified: 2012-09-20T18:47:35.407

Link: CVE-2012-5007

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Fill PDF module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to write to arbitrary PDF files via unspecified vectors related to the fillpdf_merge_pdf function and incorrect arguments, a different vulnerability than CVE-2012-1625. NOTE: some of these details are obtained from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:15:31", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "51288", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/51288"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/1394428"}, {"name": "47418", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/47418"}, {"name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"}, {"name": "78181", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/78181"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5007", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Fill PDF module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to write to arbitrary PDF files via unspecified vectors related to the fillpdf_merge_pdf function and incorrect arguments, a different vulnerability than CVE-2012-1625. NOTE: some of these details are obtained from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "51288", "refsource": "BID", "url": "http://www.securityfocus.com/bid/51288"}, {"name": "http://drupal.org/node/1394428", "refsource": "CONFIRM", "url": "http://drupal.org/node/1394428"}, {"name": "47418", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47418"}, {"name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"}, {"name": "78181", "refsource": "OSVDB", "url": "http://osvdb.org/78181"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-5007", "datePublished": "2022-10-03T16:15:31", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:15:31", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wizonesolutions:fillpdf:7.x-1.:*:*:*:*:*:*:*", "matchCriteriaId": "4C4BD2EA-B651-433C-AFA1-B73A18280483", "vulnerable": true}, {"criteria": "cpe:2.3:a:wizonesolutions:fillpdf:7.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "10FE3EFE-AF19-4B49-A8B8-DD76CC55583C", "vulnerable": true}, {"criteria": "cpe:2.3:a:wizonesolutions:fillpdf:7.x-1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "8A6D079E-4E21-43BC-A579-937ED6CAC003", "vulnerable": true}, {"criteria": "cpe:2.3:a:wizonesolutions:fillpdf:7.x-1.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "48E7B5DC-5423-49C2-BA23-C24637F4E7E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wizonesolutions:fillpdf:7.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D4C712B-B5FD-4629-8511-005EE6DA2FCA", "vulnerable": true}, {"criteria": "cpe:2.3:a:wizonesolutions:fillpdf:7.x-1.x:dev:*:*:*:*:*:*", "matchCriteriaId": "C5DA989C-B003-4311-99C0-E7A5A5A63A49", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Fill PDF module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to write to arbitrary PDF files via unspecified vectors related to the fillpdf_merge_pdf function and incorrect arguments, a different vulnerability than CVE-2012-1625. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "El m\u00f3dulo Fill PDF v7.x-1.x antes de v7.x-1.2 para Drupal permite a atacantes remotos escribir en archivos PDF de su elecci\u00f3n a trav\u00e9s de vectores no especificados relacionados con la funci\u00f3n fillpdf_merge_pdf y unos argumentos incorrectos. Se trata de una vulnerabilidad diferente a CVE-2012-1625a NOTA: algunos de estos detalles han sido obtenidos a partir de informaci\u00f3n de terceros.\r\n"}], "id": "CVE-2012-5007", "lastModified": "2012-09-20T18:47:35.407", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-09-20T03:46:36.490", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/1394428"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/78181"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/47418"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/51288"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}