Lucene search

[email protected]CVE-2013-4446

HistoryDec 07, 2013 - 8:55 p.m.

CVE-2013-4446

2013-12-0720:55:02

CWE-94

[email protected]

web.nvd.nist.gov

cve-2013-4446

drupal

context module

remote code execution

nvd

php

json_decode

ajax operations

eval injection

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

85.6%

JSON

The _json_decode function in plugins/context_reaction_block.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support the json_decode function, allows remote attackers to execute arbitrary PHP code via unspecified vectors related to Ajax operations, possibly involving eval injection.

Affected configurations

NVD

Node

steven_jonescontextMatch6.x-2.0alpha1

steven_jonescontextMatch6.x-2.0alpha2

steven_jonescontextMatch6.x-2.0beta1

steven_jonescontextMatch6.x-2.0beta2

steven_jonescontextMatch6.x-2.0beta3

steven_jonescontextMatch6.x-2.0beta4

steven_jonescontextMatch6.x-2.0beta5

steven_jonescontextMatch6.x-2.0beta6

steven_jonescontextMatch6.x-2.0beta7

steven_jonescontextMatch6.x-2.0rc1

steven_jonescontextMatch6.x-2.0rc2

steven_jonescontextMatch6.x-2.0rc3

steven_jonescontextMatch6.x-3.0

steven_jonescontextMatch6.x-3.0alpha1

steven_jonescontextMatch6.x-3.0alpha2

steven_jonescontextMatch6.x-3.0beta1

steven_jonescontextMatch6.x-3.0beta2

steven_jonescontextMatch6.x-3.0beta3

steven_jonescontextMatch6.x-3.0beta4

steven_jonescontextMatch6.x-3.0beta5

steven_jonescontextMatch6.x-3.0beta6

steven_jonescontextMatch6.x-3.0beta7

steven_jonescontextMatch6.x-3.0beta8

steven_jonescontextMatch6.x-3.0rc1

steven_jonescontextMatch6.x-3.0rc2

steven_jonescontextMatch6.x-3.1

steven_jonescontextMatch6.x-3.xdev

steven_jonescontextMatch7.x-3.0alpha1

steven_jonescontextMatch7.x-3.0alpha2

steven_jonescontextMatch7.x-3.0alpha3

steven_jonescontextMatch7.x-3.0beta1

steven_jonescontextMatch7.x-3.0beta2

steven_jonescontextMatch7.x-3.0beta3

steven_jonescontextMatch7.x-3.0beta4

steven_jonescontextMatch7.x-3.0beta5

steven_jonescontextMatch7.x-3.0beta6

steven_jonescontextMatch7.x-3.0beta7

steven_jonescontextMatch7.x-3.xdev

AND

drupaldrupalMatch-

CPENameOperatorVersion
steven_jones:contextsteven jones contexteq6.x-2.0
steven_jones:contextsteven jones contexteq6.x-3.0
steven_jones:contextsteven jones contexteq6.x-3.1
steven_jones:contextsteven jones contexteq6.x-3.x
steven_jones:contextsteven jones contexteq7.x-3.0
steven_jones:contextsteven jones contexteq7.x-3.x

CPE	Name	Operator	Version
steven_jones:context	steven jones context	eq	6.x-2.0
steven_jones:context	steven jones context	eq	6.x-3.0
steven_jones:context	steven jones context	eq	6.x-3.1
steven_jones:context	steven jones context	eq	6.x-3.x
steven_jones:context	steven jones context	eq	7.x-3.0
steven_jones:context	steven jones context	eq	7.x-3.x