Vulnerabilites related to opigno - opigno_module
CVE-2024-13264 (GCVE-0-2024-13264)
Vulnerability from cvelistv5
Published
2025-01-09 19:15
Modified
2025-01-10 16:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-96 - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
Summary
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno module allows PHP Local File Inclusion.This issue affects Opigno module: from 0.0.0 before 3.1.2.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Drupal | Opigno module |
Version: 0.0.0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-13264",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-10T16:35:53.652428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T16:36:51.312Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.drupal.org/project/opigno_module",
"defaultStatus": "unaffected",
"product": "Opigno module",
"repo": "https://git.drupalcode.org/project/opigno_module",
"vendor": "Drupal",
"versions": [
{
"lessThan": "3.1.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marcin Grabias"
},
{
"lang": "en",
"type": "finder",
"value": "catch"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Yurii Boichenko"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Axel Minck"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Yuriy Korzhov"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andrii Aleksandrov"
},
{
"lang": "en",
"type": "remediation developer",
"value": "catch"
},
{
"lang": "en",
"type": "coordinator",
"value": "Greg Knaddison"
}
],
"datePublic": "2024-08-07T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027) vulnerability in Drupal Opigno module allows PHP Local File Inclusion.\u003cp\u003eThis issue affects Opigno module: from 0.0.0 before 3.1.2.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027) vulnerability in Drupal Opigno module allows PHP Local File Inclusion.This issue affects Opigno module: from 0.0.0 before 3.1.2."
}
],
"impacts": [
{
"capecId": "CAPEC-252",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-252 PHP Local File Inclusion"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-96",
"description": "CWE-96 Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T19:15:52.754Z",
"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"shortName": "drupal"
},
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-028"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Opigno module - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-028",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"assignerShortName": "drupal",
"cveId": "CVE-2024-13264",
"datePublished": "2025-01-09T19:15:52.754Z",
"dateReserved": "2025-01-09T18:27:59.278Z",
"dateUpdated": "2025-01-10T16:36:51.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2025-01-09 20:15
Modified
2025-08-27 19:49
Severity ?
Summary
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno module allows PHP Local File Inclusion.This issue affects Opigno module: from 0.0.0 before 3.1.2.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| mlhess@drupal.org | https://www.drupal.org/sa-contrib-2024-028 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opigno | opigno_module | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opigno:opigno_module:*:*:*:*:*:drupal:*:*",
"matchCriteriaId": "C5A1F40A-B0BF-43FE-94F5-AFB7B42441BF",
"versionEndExcluding": "3.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027) vulnerability in Drupal Opigno module allows PHP Local File Inclusion.This issue affects Opigno module: from 0.0.0 before 3.1.2."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de directivas en c\u00f3digo guardado est\u00e1ticamente (\u0027inyecci\u00f3n de c\u00f3digo est\u00e1tico\u0027) en Drupal Opigno module permite la inclusi\u00f3n de archivos locales en PHP. Este problema afecta a Opigno module: desde la versi\u00f3n 0.0.0 hasta la 3.1.2."
}
],
"id": "CVE-2024-13264",
"lastModified": "2025-08-27T19:49:26.197",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-01-09T20:15:35.117",
"references": [
{
"source": "mlhess@drupal.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.drupal.org/sa-contrib-2024-028"
}
],
"sourceIdentifier": "mlhess@drupal.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-96"
}
],
"source": "mlhess@drupal.org",
"type": "Secondary"
}
]
}