Design/Logic Flaw

2013-12-0720:55:00

PRIOn knowledge base

www.prio-n.com

8.4 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

85.6%

JSON

The _json_decode function in plugins/context_reaction_block.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support the json_decode function, allows remote attackers to execute arbitrary PHP code via unspecified vectors related to Ajax operations, possibly involving eval injection.

CPENameOperatorVersion
contexteq6.x-2.0 beta7
contexteq6.x-2.0 beta2
contexteq6.x-2.0 beta4
contexteq6.x-2.0 rc3
contexteq6.x-2.0 beta6
contexteq6.x-2.0 beta1
contexteq6.x-2.0 rc1
contexteq6.x-2.0 beta3
contexteq6.x-2.0 alpha2
contexteq6.x-2.0 rc2

Name	Operator	Version
context	eq	6.x-2.0 beta7
context	eq	6.x-2.0 beta2
context	eq	6.x-2.0 beta4
context	eq	6.x-2.0 rc3
context	eq	6.x-2.0 beta6
context	eq	6.x-2.0 beta1
context	eq	6.x-2.0 rc1
context	eq	6.x-2.0 beta3
context	eq	6.x-2.0 alpha2
context	eq	6.x-2.0 rc2