CVE-2012-1641

Name of the Vulnerable Software and Affected Versions Finder module versions 6.x-1.x before 6.x-1.26 Finder module versions 7.x-1.x Finder module versions 7.x-2.x before 7.x-2.0-alpha8

Description The issue allows remote authenticated users with the administer finder permission to execute arbitrary PHP code. This is achieved via the "admin/build/finder/import" API endpoint. The finder import function in the Finder module is vulnerable to this issue.

Recommendations For Finder module version 6.x-1.x, update to version 6.x-1.26 or later. For Finder module version 7.x-1.x, update to a version that includes the fix, which is at least 7.x-2.0-alpha8 or later for the 7.x-2.x branch. For Finder module version 7.x-2.x, update to version 7.x-2.0-alpha8 or later. As a temporary workaround, consider restricting access to the finder import function and the "admin/build/finder/import" API endpoint for users with the administer finder permission.