Arbitrary PHP Code Execution in OM Maximenu Module for Drupal

Arbitrary PHP Code Execution in OM Maximenu Module for Drupal

CVE-2012-6065 · MEDIUM Severity

AV:N/AC:H/AU:S/C:P/I:P/A:P

The OM Maximenu module 6.x-1.43 and earlier for Drupal, when the "Title has PHP" option is enabled, allows remote authenticated users with the "Administer OM Maximenu" permission to execute arbitrary PHP code via a "Link Title," a different vulnerability than CVE-2012-5553.

Learn more about our User Device Pen Test.