CVE-2012-2067

Name of the Vulnerable Software and Affected Versions CKEditor module versions prior to 6.x-2.3 CKEditor module versions prior to 6.x-1.9 CKEditor module versions prior to 7.x-1.7

Description The issue allows remote authenticated users or remote attackers to execute arbitrary PHP code via the text parameter to a text filter when the core PHP module is enabled.

Recommendations For CKEditor module versions prior to 6.x-2.3, update to version 6.x-2.3 or later. For CKEditor module versions prior to 6.x-1.9, update to version 6.x-1.9 or later. For CKEditor module versions prior to 7.x-1.7, update to version 7.x-1.7 or later.