VIR Vulnerability Intelligence Relay

CVE-2012-2067

medium
Published 2012-09-05 · Modified 2026-04-29
CVSS v3
CVSS v2
6.8
VIR risk
6.8

Description

Unspecified vulnerability in the CKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal, when the core PHP module is enabled, allows remote authenticated users or remote attackers to execute arbitrary PHP code via the text parameter to a text filter. NOTE: some of these details are obtained from third party information.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/48435

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://drupal.org/node/1482528

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://drupal.org/node/1482480

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://drupal.org/node/1482466

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://drupal.org/node/1482442

Application impact
VendorProductVersionsFixed
ckeditorfckeditor6.x-1.1
ckeditorfckeditor6.x-1.2
ckeditorfckeditor6.x-1.2-1
ckeditorfckeditor6.x-1.3
ckeditorfckeditor6.x-1.4
ckeditorfckeditor6.x-1.x
ckeditorfckeditor6.x-2.0
ckeditorfckeditor6.x-2.1
ckeditorfckeditor6.x-2.2
ckeditorfckeditor6.x-2.3
ckeditorfckeditor6.x-2.x
drupaldrupal-
ckeditorckeditor6.x-1.0
ckeditorckeditor6.x-1.1
ckeditorckeditor6.x-1.2
ckeditorckeditor6.x-1.3
ckeditorckeditor6.x-1.4
ckeditorckeditor6.x-1.5
ckeditorckeditor6.x-1.6
ckeditorckeditor6.x-1.7
ckeditorckeditor6.x-1.x
ckeditorckeditor7.x-1.0
ckeditorckeditor7.x-1.1
ckeditorckeditor7.x-1.2
ckeditorckeditor7.x-1.3
ckeditorckeditor7.x-1.4
ckeditorckeditor7.x-1.5
ckeditorckeditor7.x-1.6
ckeditorckeditor7.x-1.x

References

Verify integrity in audit chain (admin only). AS-IS.