Vulnerabilites related to Drupal - Opigno
CVE-2024-13268 (GCVE-0-2024-13268)
Vulnerability from cvelistv5
Published
2025-01-09 19:18
Modified
2025-01-31 15:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-96 - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
Summary
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno allows PHP Local File Inclusion.This issue affects Opigno: from 7.X-1.0 before 7.X-1.23.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-13268",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T15:38:06.514938Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T15:38:34.720Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.drupal.org/project/opigno",
"defaultStatus": "unaffected",
"product": "Opigno",
"repo": "https://git.drupalcode.org/project/opigno",
"vendor": "Drupal",
"versions": [
{
"lessThan": "7.x-1.23",
"status": "affected",
"version": "7.x-1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Yurii Boichenko"
},
{
"lang": "en",
"type": "finder",
"value": "Marcin Grabias"
},
{
"lang": "en",
"type": "finder",
"value": "catch"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Yurii Boichenko"
},
{
"lang": "en",
"type": "coordinator",
"value": "Greg Knaddison"
},
{
"lang": "en",
"type": "coordinator",
"value": "Juraj Nemec"
}
],
"datePublic": "2024-08-21T16:34:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027) vulnerability in Drupal Opigno allows PHP Local File Inclusion.\u003cp\u003eThis issue affects Opigno: from 7.X-1.0 before 7.X-1.23.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027) vulnerability in Drupal Opigno allows PHP Local File Inclusion.This issue affects Opigno: from 7.X-1.0 before 7.X-1.23."
}
],
"impacts": [
{
"capecId": "CAPEC-252",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-252 PHP Local File Inclusion"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-96",
"description": "CWE-96 Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T19:18:18.307Z",
"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"shortName": "drupal"
},
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-032"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Opigno - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-032",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"assignerShortName": "drupal",
"cveId": "CVE-2024-13268",
"datePublished": "2025-01-09T19:18:18.307Z",
"dateReserved": "2025-01-09T18:28:03.683Z",
"dateUpdated": "2025-01-31T15:38:34.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}