CVE-2024-13263 - Vulnerability Details - OpenCVE

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno group manager allows PHP Local File Inclusion.This issue affects Opigno group manager: from 0.0.0 before 3.1.1.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://www.drupal.org/sa-contrib-2024-027

History

Thu, 09 Jan 2025 19:30:00 +0000

Type	Values Removed	Values Added
Description		Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno group manager allows PHP Local File Inclusion.This issue affects Opigno group manager: from 0.0.0 before 3.1.1.
Title		Opigno group manager - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-027
Weaknesses		CWE-96
References		https://www.drupal.org/sa-contrib-2024-027

MITRE

Status: PUBLISHED

Assigner: drupal

Published: 2025-01-09T19:15:18.382Z

Updated: 2025-01-09T19:15:18.382Z

Reserved: 2025-01-09T18:27:58.262Z

Link: CVE-2024-13263

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-01-09T20:15:35.007

Modified: 2025-01-09T20:15:35.007

Link: CVE-2024-13263

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-13263", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "state": "PUBLISHED", "assignerShortName": "drupal", "dateReserved": "2025-01-09T18:27:58.262Z", "datePublished": "2025-01-09T19:15:18.382Z", "dateUpdated": "2025-01-09T19:15:18.382Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://www.drupal.org/project/opigno_group_manager", "defaultStatus": "unaffected", "product": "Opigno group manager", "repo": "https://git.drupalcode.org/project/opigno_group_manager", "vendor": "Drupal", "versions": [{"lessThan": "3.1.1", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "catch"}, {"lang": "en", "type": "finder", "value": "Marcin Grabias"}, {"lang": "en", "type": "remediation developer", "value": "Yurii Boichenko"}, {"lang": "en", "type": "coordinator", "value": "Greg Knaddison"}, {"lang": "en", "type": "coordinator", "value": "Benji Fisher"}], "datePublic": "2024-08-07T17:19:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno group manager allows PHP Local File Inclusion.<p>This issue affects Opigno group manager: from 0.0.0 before 3.1.1.</p>"}], "value": "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno group manager allows PHP Local File Inclusion.This issue affects Opigno group manager: from 0.0.0 before 3.1.1."}], "impacts": [{"capecId": "CAPEC-252", "descriptions": [{"lang": "en", "value": "CAPEC-252 PHP Local File Inclusion"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-96", "description": "CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2025-01-09T19:15:18.382Z"}, "references": [{"url": "https://www.drupal.org/sa-contrib-2024-027"}], "source": {"discovery": "UNKNOWN"}, "title": "Opigno group manager - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-027", "x_generator": {"engine": "Vulnogram 0.2.0"}}}}