Simplenews Scheduler Project : Security Vulnerabilities, CVEs,
The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron.
Max CVSS
6.0
EPSS Score
0.23%
Published
2012-12-03
Updated
2012-12-04
1 vulnerabilities found