Arbitrary PHP Code Execution in OM Maximenu Module for Drupal
CVE-2012-6065 · MEDIUM Severity
AV:N/AC:H/AU:S/C:P/I:P/A:P
The OM Maximenu module 6.x-1.43 and earlier for Drupal, when the "Title has PHP" option is enabled, allows remote authenticated users with the "Administer OM Maximenu" permission to execute arbitrary PHP code via a "Link Title," a different vulnerability than CVE-2012-5553.
Learn more about our User Device Pen Test.