CVE-2014-3453 - OpenCVE

Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitrary PHP code via the "Flag import code" text area to admin/structure/flags/import. NOTE: this issue could also be exploited by other attackers if the administrator ignores a security warning on the permissions assignment page.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Flag Module Project	Flag

Configuration 1 [-]

OR	cpe:2.3:a:flag_module_project:flag::::::drupal::*
	cpe:2.3:a:flag_module_project:flag:7.x-3.0:-::::drupal::*
	cpe:2.3:a:flag_module_project:flag:7.x-3.0:alpha1::::drupal::*
	cpe:2.3:a:flag_module_project:flag:7.x-3.0:alpha2::::drupal::*
	cpe:2.3:a:flag_module_project:flag:7.x-3.0:alpha3::::drupal::*
	cpe:2.3:a:flag_module_project:flag:7.x-3.0:alpha4::::drupal::*
	cpe:2.3:a:flag_module_project:flag:7.x-3.0:beta1::::drupal::*
	cpe:2.3:a:flag_module_project:flag:7.x-3.0:rc1::::drupal::*
	cpe:2.3:a:flag_module_project:flag:7.x-3.1:::::drupal::
	cpe:2.3:a:flag_module_project:flag:7.x-3.2:::::drupal::
	cpe:2.3:a:flag_module_project:flag:7.x-3.3:::::drupal::
	cpe:2.3:a:flag_module_project:flag:7.x-3.4:::::drupal::
	cpe:2.3:a:flag_module_project:flag:7.x-3.x:dev::::drupal::*

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2014/May/44
http://www.openwall.com/lists/oss-security/2014/05/12/2
http://www.securityfocus.com/bid/67318
https://bugzilla.redhat.com/show_bug.cgi?id=1096604

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-05-17T19:00:00

Updated: 2024-08-06T10:43:05.781Z

Reserved: 2014-05-11T00:00:00

Link: CVE-2014-3453

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2014-05-17T19:55:03.543

Modified: 2014-05-19T16:32:02.917

Link: CVE-2014-3453

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-05-09T00:00:00", "descriptions": [{"lang": "en", "value": "Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitrary PHP code via the \"Flag import code\" text area to admin/structure/flags/import. NOTE: this issue could also be exploited by other attackers if the administrator ignores a security warning on the permissions assignment page."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-05-17T18:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "67318", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/67318"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1096604"}, {"name": "20140509 Drupal Flag 7.x-3.5 Module Vulnerability report: Arbitrary code execution due to improper input handling in flag importer", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2014/May/44"}, {"name": "[oss-security] 20140512 Re: CVE request: Drupal Flag 7.x-3.5 Module Vulnerability report: Arbitrary code execution due to improper input handling in flag importer", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/05/12/2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3453", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitrary PHP code via the \"Flag import code\" text area to admin/structure/flags/import. NOTE: this issue could also be exploited by other attackers if the administrator ignores a security warning on the permissions assignment page."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "67318", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67318"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1096604", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1096604"}, {"name": "20140509 Drupal Flag 7.x-3.5 Module Vulnerability report: Arbitrary code execution due to improper input handling in flag importer", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/May/44"}, {"name": "[oss-security] 20140512 Re: CVE request: Drupal Flag 7.x-3.5 Module Vulnerability report: Arbitrary code execution due to improper input handling in flag importer", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/05/12/2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:43:05.781Z"}, "title": "CVE Program Container", "references": [{"name": "67318", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/67318"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1096604"}, {"name": "20140509 Drupal Flag 7.x-3.5 Module Vulnerability report: Arbitrary code execution due to improper input handling in flag importer", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2014/May/44"}, {"name": "[oss-security] 20140512 Re: CVE request: Drupal Flag 7.x-3.5 Module Vulnerability report: Arbitrary code execution due to improper input handling in flag importer", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/05/12/2"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3453", "datePublished": "2014-05-17T19:00:00", "dateReserved": "2014-05-11T00:00:00", "dateUpdated": "2024-08-06T10:43:05.781Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:flag_module_project:flag:*:*:*:*:*:drupal:*:*", "matchCriteriaId": "AA9AA3B2-53A6-4EA1-8EB3-A96216275671", "versionEndIncluding": "7.x-3.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:flag_module_project:flag:7.x-3.0:-:*:*:*:drupal:*:*", "matchCriteriaId": "2105271A-47DB-4B57-A921-D6E35DE47466", "vulnerable": true}, {"criteria": "cpe:2.3:a:flag_module_project:flag:7.x-3.0:alpha1:*:*:*:drupal:*:*", "matchCriteriaId": "DE2A8ADB-D5AE-454F-9693-43E5268266F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:flag_module_project:flag:7.x-3.0:alpha2:*:*:*:drupal:*:*", "matchCriteriaId": "B68F7250-5A82-4893-9A05-E23B18CF37E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:flag_module_project:flag:7.x-3.0:alpha3:*:*:*:drupal:*:*", "matchCriteriaId": "206DE964-539D-474D-8742-11D5CE59052E", "vulnerable": true}, {"criteria": "cpe:2.3:a:flag_module_project:flag:7.x-3.0:alpha4:*:*:*:drupal:*:*", "matchCriteriaId": "339EDB57-8CCA-4D16-9E2E-9944F8F77AC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:flag_module_project:flag:7.x-3.0:beta1:*:*:*:drupal:*:*", "matchCriteriaId": "BBCF8C18-6E05-4DD3-A986-DE306AB3E7F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:flag_module_project:flag:7.x-3.0:rc1:*:*:*:drupal:*:*", "matchCriteriaId": "53310BDE-FB58-4932-B74B-28E4A24DBC68", "vulnerable": true}, {"criteria": "cpe:2.3:a:flag_module_project:flag:7.x-3.1:*:*:*:*:drupal:*:*", "matchCriteriaId": "F48E13FD-CFCC-41F8-8127-87C819CEE7F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:flag_module_project:flag:7.x-3.2:*:*:*:*:drupal:*:*", "matchCriteriaId": "0729F914-0CAF-4C05-B978-A313F955732C", "vulnerable": true}, {"criteria": "cpe:2.3:a:flag_module_project:flag:7.x-3.3:*:*:*:*:drupal:*:*", "matchCriteriaId": "E75BD487-C959-4D30-83D3-8FCFC38D0AE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:flag_module_project:flag:7.x-3.4:*:*:*:*:drupal:*:*", "matchCriteriaId": "F4D76F04-C3C2-4089-B5D5-4CCF4C2EE1BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:flag_module_project:flag:7.x-3.x:dev:*:*:*:drupal:*:*", "matchCriteriaId": "65B73028-BF40-4EFE-A4EC-5BF4E849F4F0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitrary PHP code via the \"Flag import code\" text area to admin/structure/flags/import. NOTE: this issue could also be exploited by other attackers if the administrator ignores a security warning on the permissions assignment page."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n Eval en la funci\u00f3n flag_import_form_validate en includes/flag.export.inc en el m\u00f3dulo Flag 7.x-3.0, 7.x-3.5 y anteriores para Drupal permite a administradores remotos autenticados ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s de la \u00e1rea de texto 'c\u00f3digo de importaci\u00f3n Flag' hacia admin/structure/flags/import. NOTA: este problema tambi\u00e9n podr\u00eda ser explotado por otros atacantes si el administrador ignora un aviso de seguridad en la p\u00e1gina de asignaci\u00f3n de permisos."}], "id": "CVE-2014-3453", "lastModified": "2014-05-19T16:32:02.917", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-17T19:55:03.543", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://seclists.org/fulldisclosure/2014/May/44"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2014/05/12/2"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/67318"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1096604"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}