Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Opigno TinCan Question Type by Drupal

    CVE-2024-13267 (GCVE-0-2024-13267)

    Vulnerability from nvd – Published: 2025-01-09 19:17 – Updated: 2025-01-14 17:02
    VLAI
    Title
    Opigno TinCan Question Type - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-031
    Summary
    Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion.This issue affects Opigno TinCan Question Type: from 7.X-1.0 before 7.X-1.3.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-96 - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal Opigno TinCan Question Type Affected: 7.x-1.0 , < 7.x-1.3 (custom)
    Create a notification for this product.
    Date Public
    2024-08-21 16:28
    Credits
    Juraj Nemec Marcin Grabias catch Juraj Nemec Axel Minck Yurii Boichenko Greg Knaddison Juraj Nemec
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-13267",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T17:02:20.307428Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T17:02:43.767Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/opigno_tincan_question_type",
              "defaultStatus": "unaffected",
              "product": "Opigno TinCan Question Type",
              "repo": "https://git.drupalcode.org/project/opigno_tincan_question_type",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "7.x-1.3",
                  "status": "affected",
                  "version": "7.x-1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Juraj Nemec"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Marcin Grabias"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "catch"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Juraj Nemec"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Axel Minck"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Yurii Boichenko"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Greg Knaddison"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Juraj Nemec"
            }
          ],
          "datePublic": "2024-08-21T16:28:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027) vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion.\u003cp\u003eThis issue affects Opigno TinCan Question Type: from 7.X-1.0 before 7.X-1.3.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027) vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion.This issue affects Opigno TinCan Question Type: from 7.X-1.0 before 7.X-1.3."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-252",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-252 PHP Local File Inclusion"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-96",
                  "description": "CWE-96 Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-09T19:17:31.582Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2024-031"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Opigno TinCan Question Type - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-031",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2024-13267",
        "datePublished": "2025-01-09T19:17:31.582Z",
        "dateReserved": "2025-01-09T18:28:02.688Z",
        "dateUpdated": "2025-01-14T17:02:43.767Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-13267 (GCVE-0-2024-13267)

    Vulnerability from cvelistv5 – Published: 2025-01-09 19:17 – Updated: 2025-01-14 17:02
    VLAI
    Title
    Opigno TinCan Question Type - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-031
    Summary
    Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion.This issue affects Opigno TinCan Question Type: from 7.X-1.0 before 7.X-1.3.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-96 - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal Opigno TinCan Question Type Affected: 7.x-1.0 , < 7.x-1.3 (custom)
    Create a notification for this product.
    Date Public
    2024-08-21 16:28
    Credits
    Juraj Nemec Marcin Grabias catch Juraj Nemec Axel Minck Yurii Boichenko Greg Knaddison Juraj Nemec
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-13267",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T17:02:20.307428Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T17:02:43.767Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/opigno_tincan_question_type",
              "defaultStatus": "unaffected",
              "product": "Opigno TinCan Question Type",
              "repo": "https://git.drupalcode.org/project/opigno_tincan_question_type",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "7.x-1.3",
                  "status": "affected",
                  "version": "7.x-1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Juraj Nemec"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Marcin Grabias"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "catch"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Juraj Nemec"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Axel Minck"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Yurii Boichenko"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Greg Knaddison"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Juraj Nemec"
            }
          ],
          "datePublic": "2024-08-21T16:28:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027) vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion.\u003cp\u003eThis issue affects Opigno TinCan Question Type: from 7.X-1.0 before 7.X-1.3.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027) vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion.This issue affects Opigno TinCan Question Type: from 7.X-1.0 before 7.X-1.3."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-252",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-252 PHP Local File Inclusion"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-96",
                  "description": "CWE-96 Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-09T19:17:31.582Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2024-031"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Opigno TinCan Question Type - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-031",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2024-13267",
        "datePublished": "2025-01-09T19:17:31.582Z",
        "dateReserved": "2025-01-09T18:28:02.688Z",
        "dateUpdated": "2025-01-14T17:02:43.767Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }