{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-13267", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "state": "PUBLISHED", "assignerShortName": "drupal", "dateReserved": "2025-01-09T18:28:02.688Z", "datePublished": "2025-01-09T19:17:31.582Z", "dateUpdated": "2025-01-14T17:02:43.767Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://www.drupal.org/project/opigno_tincan_question_type", "defaultStatus": "unaffected", "product": "Opigno TinCan Question Type", "repo": "https://git.drupalcode.org/project/opigno_tincan_question_type", "vendor": "Drupal", "versions": [{"lessThan": "7.x-1.3", "status": "affected", "version": "7.x-1.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Juraj Nemec"}, {"lang": "en", "type": "finder", "value": "Marcin Grabias"}, {"lang": "en", "type": "finder", "value": "catch"}, {"lang": "en", "type": "remediation developer", "value": "Juraj Nemec"}, {"lang": "en", "type": "remediation developer", "value": "Axel Minck"}, {"lang": "en", "type": "remediation developer", "value": "Yurii Boichenko"}, {"lang": "en", "type": "coordinator", "value": "Greg Knaddison"}, {"lang": "en", "type": "coordinator", "value": "Juraj Nemec"}], "datePublic": "2024-08-21T16:28:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion.<p>This issue affects Opigno TinCan Question Type: from 7.X-1.0 before 7.X-1.3.</p>"}], "value": "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion.This issue affects Opigno TinCan Question Type: from 7.X-1.0 before 7.X-1.3."}], "impacts": [{"capecId": "CAPEC-252", "descriptions": [{"lang": "en", "value": "CAPEC-252 PHP Local File Inclusion"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-96", "description": "CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2025-01-09T19:17:31.582Z"}, "references": [{"url": "https://www.drupal.org/sa-contrib-2024-031"}], "source": {"discovery": "UNKNOWN"}, "title": "Opigno TinCan Question Type - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-031", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-14T17:02:20.307428Z", "id": "CVE-2024-13267", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-14T17:02:43.767Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-13267", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-14T17:02:20.307428Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-14T17:02:39.804Z"}}], "cna": {"title": "Opigno TinCan Question Type - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-031", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Juraj Nemec"}, {"lang": "en", "type": "finder", "value": "Marcin Grabias"}, {"lang": "en", "type": "finder", "value": "catch"}, {"lang": "en", "type": "remediation developer", "value": "Juraj Nemec"}, {"lang": "en", "type": "remediation developer", "value": "Axel Minck"}, {"lang": "en", "type": "remediation developer", "value": "Yurii Boichenko"}, {"lang": "en", "type": "coordinator", "value": "Greg Knaddison"}, {"lang": "en", "type": "coordinator", "value": "Juraj Nemec"}], "impacts": [{"capecId": "CAPEC-252", "descriptions": [{"lang": "en", "value": "CAPEC-252 PHP Local File Inclusion"}]}], "affected": [{"repo": "https://git.drupalcode.org/project/opigno_tincan_question_type", "vendor": "Drupal", "product": "Opigno TinCan Question Type", "versions": [{"status": "affected", "version": "7.x-1.0", "lessThan": "7.x-1.3", "versionType": "custom"}], "collectionURL": "https://www.drupal.org/project/opigno_tincan_question_type", "defaultStatus": "unaffected"}], "datePublic": "2024-08-21T16:28:00.000Z", "references": [{"url": "https://www.drupal.org/sa-contrib-2024-031"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion.This issue affects Opigno TinCan Question Type: from 7.X-1.0 before 7.X-1.3.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion.<p>This issue affects Opigno TinCan Question Type: from 7.X-1.0 before 7.X-1.3.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-96", "description": "CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')"}]}], "providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2025-01-09T19:17:31.582Z"}}}, "cveMetadata": {"cveId": "CVE-2024-13267", "state": "PUBLISHED", "dateUpdated": "2025-01-14T17:02:43.767Z", "dateReserved": "2025-01-09T18:28:02.688Z", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "datePublished": "2025-01-09T19:17:31.582Z", "assignerShortName": "drupal"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opigno:tincan_question_type:*:*:*:*:*:drupal:*:*", "matchCriteriaId": "7B47C696-F155-40E2-A6A0-D07D58F6F3E0", "versionEndExcluding": "7.x-1.3", "versionStartIncluding": "7.x-1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion.This issue affects Opigno TinCan Question Type: from 7.X-1.0 before 7.X-1.3."}, {"lang": "es", "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de directivas en c\u00f3digo guardado est\u00e1ticamente ('inyecci\u00f3n de c\u00f3digo est\u00e1tico') en Drupal Opigno TinCan Question Type permite la inclusi\u00f3n de archivos locales en PHP. Este problema afecta a Opigno TinCan Question Type: desde 7.X-1.0 antes de 7.X-1.3."}], "id": "CVE-2024-13267", "lastModified": "2025-08-27T19:43:43.453", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-01-09T20:15:35.470", "references": [{"source": "mlhess@drupal.org", "tags": ["Third Party Advisory"], "url": "https://www.drupal.org/sa-contrib-2024-031"}], "sourceIdentifier": "mlhess@drupal.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-96"}], "source": "mlhess@drupal.org", "type": "Secondary"}]}

{}

{}