Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
5 vulnerabilities by opigno
CVE-2024-13268 (GCVE-0-2024-13268)
Vulnerability from cvelistv5 – Published: 2025-01-09 19:18 – Updated: 2025-01-31 15:38
VLAI
Title
Opigno - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-032
Summary
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno allows PHP Local File Inclusion.This issue affects Opigno: from 7.X-1.0 before 7.X-1.23.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-96 - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
Assigner
References
1 reference
Impacted products
Date Public
2024-08-21 16:34
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-13268",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T15:38:06.514938Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T15:38:34.720Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.drupal.org/project/opigno",
"defaultStatus": "unaffected",
"product": "Opigno",
"repo": "https://git.drupalcode.org/project/opigno",
"vendor": "Drupal",
"versions": [
{
"lessThan": "7.x-1.23",
"status": "affected",
"version": "7.x-1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Yurii Boichenko"
},
{
"lang": "en",
"type": "finder",
"value": "Marcin Grabias"
},
{
"lang": "en",
"type": "finder",
"value": "catch"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Yurii Boichenko"
},
{
"lang": "en",
"type": "coordinator",
"value": "Greg Knaddison"
},
{
"lang": "en",
"type": "coordinator",
"value": "Juraj Nemec"
}
],
"datePublic": "2024-08-21T16:34:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027) vulnerability in Drupal Opigno allows PHP Local File Inclusion.\u003cp\u003eThis issue affects Opigno: from 7.X-1.0 before 7.X-1.23.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027) vulnerability in Drupal Opigno allows PHP Local File Inclusion.This issue affects Opigno: from 7.X-1.0 before 7.X-1.23."
}
],
"impacts": [
{
"capecId": "CAPEC-252",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-252 PHP Local File Inclusion"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-96",
"description": "CWE-96 Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T19:18:18.307Z",
"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"shortName": "drupal"
},
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-032"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Opigno - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-032",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"assignerShortName": "drupal",
"cveId": "CVE-2024-13268",
"datePublished": "2025-01-09T19:18:18.307Z",
"dateReserved": "2025-01-09T18:28:03.683Z",
"dateUpdated": "2025-01-31T15:38:34.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13267 (GCVE-0-2024-13267)
Vulnerability from cvelistv5 – Published: 2025-01-09 19:17 – Updated: 2025-01-14 17:02
VLAI
Title
Opigno TinCan Question Type - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-031
Summary
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion.This issue affects Opigno TinCan Question Type: from 7.X-1.0 before 7.X-1.3.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-96 - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Drupal | Opigno TinCan Question Type |
Affected:
7.x-1.0 , < 7.x-1.3
(custom)
|
Date Public
2024-08-21 16:28
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-13267",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T17:02:20.307428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T17:02:43.767Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.drupal.org/project/opigno_tincan_question_type",
"defaultStatus": "unaffected",
"product": "Opigno TinCan Question Type",
"repo": "https://git.drupalcode.org/project/opigno_tincan_question_type",
"vendor": "Drupal",
"versions": [
{
"lessThan": "7.x-1.3",
"status": "affected",
"version": "7.x-1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Juraj Nemec"
},
{
"lang": "en",
"type": "finder",
"value": "Marcin Grabias"
},
{
"lang": "en",
"type": "finder",
"value": "catch"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Juraj Nemec"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Axel Minck"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Yurii Boichenko"
},
{
"lang": "en",
"type": "coordinator",
"value": "Greg Knaddison"
},
{
"lang": "en",
"type": "coordinator",
"value": "Juraj Nemec"
}
],
"datePublic": "2024-08-21T16:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027) vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion.\u003cp\u003eThis issue affects Opigno TinCan Question Type: from 7.X-1.0 before 7.X-1.3.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027) vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion.This issue affects Opigno TinCan Question Type: from 7.X-1.0 before 7.X-1.3."
}
],
"impacts": [
{
"capecId": "CAPEC-252",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-252 PHP Local File Inclusion"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-96",
"description": "CWE-96 Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T19:17:31.582Z",
"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"shortName": "drupal"
},
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-031"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Opigno TinCan Question Type - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-031",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"assignerShortName": "drupal",
"cveId": "CVE-2024-13267",
"datePublished": "2025-01-09T19:17:31.582Z",
"dateReserved": "2025-01-09T18:28:02.688Z",
"dateUpdated": "2025-01-14T17:02:43.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13265 (GCVE-0-2024-13265)
Vulnerability from cvelistv5 – Published: 2025-01-09 19:16 – Updated: 2025-01-14 16:28
VLAI
Title
Opigno Learning path - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-029
Summary
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno Learning path allows PHP Local File Inclusion.This issue affects Opigno Learning path: from 0.0.0 before 3.1.2.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-96 - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Drupal | Opigno Learning path |
Affected:
0.0.0 , < 3.1.2
(semver)
|
Date Public
2024-08-07 17:36
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-13265",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T16:27:47.679982Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T16:28:09.972Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.drupal.org/project/opigno_learning_path",
"defaultStatus": "unaffected",
"product": "Opigno Learning path",
"repo": "https://git.drupalcode.org/project/opigno_learning_path",
"vendor": "Drupal",
"versions": [
{
"lessThan": "3.1.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marcin Grabias"
},
{
"lang": "en",
"type": "finder",
"value": "catch"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Axel Minck"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Yuriy Korzhov"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andrii Aleksandrov"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Yurii Boichenko"
},
{
"lang": "en",
"type": "coordinator",
"value": "Greg Knaddison"
}
],
"datePublic": "2024-08-07T17:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027) vulnerability in Drupal Opigno Learning path allows PHP Local File Inclusion.\u003cp\u003eThis issue affects Opigno Learning path: from 0.0.0 before 3.1.2.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027) vulnerability in Drupal Opigno Learning path allows PHP Local File Inclusion.This issue affects Opigno Learning path: from 0.0.0 before 3.1.2."
}
],
"impacts": [
{
"capecId": "CAPEC-252",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-252 PHP Local File Inclusion"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-96",
"description": "CWE-96 Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T19:16:21.090Z",
"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"shortName": "drupal"
},
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-029"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Opigno Learning path - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-029",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"assignerShortName": "drupal",
"cveId": "CVE-2024-13265",
"datePublished": "2025-01-09T19:16:21.090Z",
"dateReserved": "2025-01-09T18:28:00.502Z",
"dateUpdated": "2025-01-14T16:28:09.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13264 (GCVE-0-2024-13264)
Vulnerability from cvelistv5 – Published: 2025-01-09 19:15 – Updated: 2025-01-10 16:36
VLAI
Title
Opigno module - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-028
Summary
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno module allows PHP Local File Inclusion.This issue affects Opigno module: from 0.0.0 before 3.1.2.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-96 - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Drupal | Opigno module |
Affected:
0.0.0 , < 3.1.2
(semver)
|
Date Public
2024-08-07 17:30
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-13264",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-10T16:35:53.652428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T16:36:51.312Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.drupal.org/project/opigno_module",
"defaultStatus": "unaffected",
"product": "Opigno module",
"repo": "https://git.drupalcode.org/project/opigno_module",
"vendor": "Drupal",
"versions": [
{
"lessThan": "3.1.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marcin Grabias"
},
{
"lang": "en",
"type": "finder",
"value": "catch"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Yurii Boichenko"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Axel Minck"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Yuriy Korzhov"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andrii Aleksandrov"
},
{
"lang": "en",
"type": "remediation developer",
"value": "catch"
},
{
"lang": "en",
"type": "coordinator",
"value": "Greg Knaddison"
}
],
"datePublic": "2024-08-07T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027) vulnerability in Drupal Opigno module allows PHP Local File Inclusion.\u003cp\u003eThis issue affects Opigno module: from 0.0.0 before 3.1.2.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027) vulnerability in Drupal Opigno module allows PHP Local File Inclusion.This issue affects Opigno module: from 0.0.0 before 3.1.2."
}
],
"impacts": [
{
"capecId": "CAPEC-252",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-252 PHP Local File Inclusion"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-96",
"description": "CWE-96 Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T19:15:52.754Z",
"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"shortName": "drupal"
},
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-028"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Opigno module - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-028",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"assignerShortName": "drupal",
"cveId": "CVE-2024-13264",
"datePublished": "2025-01-09T19:15:52.754Z",
"dateReserved": "2025-01-09T18:27:59.278Z",
"dateUpdated": "2025-01-10T16:36:51.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13263 (GCVE-0-2024-13263)
Vulnerability from cvelistv5 – Published: 2025-01-09 19:15 – Updated: 2025-01-10 21:27
VLAI
Title
Opigno group manager - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-027
Summary
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno group manager allows PHP Local File Inclusion.This issue affects Opigno group manager: from 0.0.0 before 3.1.1.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-96 - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Drupal | Opigno group manager |
Affected:
0.0.0 , < 3.1.1
(semver)
|
Date Public
2024-08-07 17:19
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-13263",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-10T21:26:58.669388Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T21:27:31.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.drupal.org/project/opigno_group_manager",
"defaultStatus": "unaffected",
"product": "Opigno group manager",
"repo": "https://git.drupalcode.org/project/opigno_group_manager",
"vendor": "Drupal",
"versions": [
{
"lessThan": "3.1.1",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "catch"
},
{
"lang": "en",
"type": "finder",
"value": "Marcin Grabias"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Yurii Boichenko"
},
{
"lang": "en",
"type": "coordinator",
"value": "Greg Knaddison"
},
{
"lang": "en",
"type": "coordinator",
"value": "Benji Fisher"
}
],
"datePublic": "2024-08-07T17:19:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027) vulnerability in Drupal Opigno group manager allows PHP Local File Inclusion.\u003cp\u003eThis issue affects Opigno group manager: from 0.0.0 before 3.1.1.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027) vulnerability in Drupal Opigno group manager allows PHP Local File Inclusion.This issue affects Opigno group manager: from 0.0.0 before 3.1.1."
}
],
"impacts": [
{
"capecId": "CAPEC-252",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-252 PHP Local File Inclusion"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-96",
"description": "CWE-96 Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T19:15:18.382Z",
"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"shortName": "drupal"
},
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-027"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Opigno group manager - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-027",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"assignerShortName": "drupal",
"cveId": "CVE-2024-13263",
"datePublished": "2025-01-09T19:15:18.382Z",
"dateReserved": "2025-01-09T18:27:58.262Z",
"dateUpdated": "2025-01-10T21:27:31.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}