Vulnerability-Lookup - Search a vulnerability

Vulnerabilites related to opigno - learning_path

CVE-2024-13265 (GCVE-0-2024-13265)

Vulnerability from cvelistv5

Published

2025-01-09 19:16

Modified

2025-01-14 16:28

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-96 - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')

Summary

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno Learning path allows PHP Local File Inclusion.This issue affects Opigno Learning path: from 0.0.0 before 3.1.2.

References

▼	URL	Tags
	https://www.drupal.org/sa-contrib-2024-029

Impacted products

	Vendor	Product	Version
	Drupal	Opigno Learning path	Version: 0.0.0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-13265",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-14T16:27:47.679982Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-14T16:28:09.972Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.drupal.org/project/opigno_learning_path",
          "defaultStatus": "unaffected",
          "product": "Opigno Learning path",
          "repo": "https://git.drupalcode.org/project/opigno_learning_path",
          "vendor": "Drupal",
          "versions": [
            {
              "lessThan": "3.1.2",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Marcin Grabias"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "catch"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Axel Minck"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Yuriy Korzhov"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Andrii Aleksandrov"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Yurii Boichenko"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Greg Knaddison"
        }
      ],
      "datePublic": "2024-08-07T17:36:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027) vulnerability in Drupal Opigno Learning path allows PHP Local File Inclusion.\u003cp\u003eThis issue affects Opigno Learning path: from 0.0.0 before 3.1.2.\u003c/p\u003e"
            }
          ],
          "value": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027) vulnerability in Drupal Opigno Learning path allows PHP Local File Inclusion.This issue affects Opigno Learning path: from 0.0.0 before 3.1.2."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-252",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-252 PHP Local File Inclusion"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-96",
              "description": "CWE-96 Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-09T19:16:21.090Z",
        "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "shortName": "drupal"
      },
      "references": [
        {
          "url": "https://www.drupal.org/sa-contrib-2024-029"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Opigno Learning path - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-029",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
    "assignerShortName": "drupal",
    "cveId": "CVE-2024-13265",
    "datePublished": "2025-01-09T19:16:21.090Z",
    "dateReserved": "2025-01-09T18:28:00.502Z",
    "dateUpdated": "2025-01-14T16:28:09.972Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd