Vulnerabilites related to opigno - opigno
Vulnerability from fkie_nvd
Published
2025-01-09 20:15
Modified
2025-08-27 19:39
Severity ?
Summary
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno allows PHP Local File Inclusion.This issue affects Opigno: from 7.X-1.0 before 7.X-1.23.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| mlhess@drupal.org | https://www.drupal.org/sa-contrib-2024-032 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opigno:opigno:*:*:*:*:*:drupal:*:*",
"matchCriteriaId": "72190A5B-757A-4B99-BA52-C8708A031E6A",
"versionEndExcluding": "7.x-1.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027) vulnerability in Drupal Opigno allows PHP Local File Inclusion.This issue affects Opigno: from 7.X-1.0 before 7.X-1.23."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de directivas en c\u00f3digo guardado est\u00e1ticamente (\u0027inyecci\u00f3n de c\u00f3digo est\u00e1tico\u0027) en Drupal Opigno permite la inclusi\u00f3n de archivos locales en PHP. Este problema afecta a Opigno: desde 7.X-1.0 hasta 7.X-1.23."
}
],
"id": "CVE-2024-13268",
"lastModified": "2025-08-27T19:39:54.573",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-01-09T20:15:35.577",
"references": [
{
"source": "mlhess@drupal.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.drupal.org/sa-contrib-2024-032"
}
],
"sourceIdentifier": "mlhess@drupal.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-96"
}
],
"source": "mlhess@drupal.org",
"type": "Secondary"
}
]
}
CVE-2024-13268 (GCVE-0-2024-13268)
Vulnerability from cvelistv5
Published
2025-01-09 19:18
Modified
2025-01-31 15:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-96 - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
Summary
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno allows PHP Local File Inclusion.This issue affects Opigno: from 7.X-1.0 before 7.X-1.23.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-13268",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T15:38:06.514938Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T15:38:34.720Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.drupal.org/project/opigno",
"defaultStatus": "unaffected",
"product": "Opigno",
"repo": "https://git.drupalcode.org/project/opigno",
"vendor": "Drupal",
"versions": [
{
"lessThan": "7.x-1.23",
"status": "affected",
"version": "7.x-1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Yurii Boichenko"
},
{
"lang": "en",
"type": "finder",
"value": "Marcin Grabias"
},
{
"lang": "en",
"type": "finder",
"value": "catch"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Yurii Boichenko"
},
{
"lang": "en",
"type": "coordinator",
"value": "Greg Knaddison"
},
{
"lang": "en",
"type": "coordinator",
"value": "Juraj Nemec"
}
],
"datePublic": "2024-08-21T16:34:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027) vulnerability in Drupal Opigno allows PHP Local File Inclusion.\u003cp\u003eThis issue affects Opigno: from 7.X-1.0 before 7.X-1.23.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027) vulnerability in Drupal Opigno allows PHP Local File Inclusion.This issue affects Opigno: from 7.X-1.0 before 7.X-1.23."
}
],
"impacts": [
{
"capecId": "CAPEC-252",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-252 PHP Local File Inclusion"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-96",
"description": "CWE-96 Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T19:18:18.307Z",
"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"shortName": "drupal"
},
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-032"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Opigno - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-032",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"assignerShortName": "drupal",
"cveId": "CVE-2024-13268",
"datePublished": "2025-01-09T19:18:18.307Z",
"dateReserved": "2025-01-09T18:28:03.683Z",
"dateUpdated": "2025-01-31T15:38:34.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}