CVE-2013-4446

EUVD-2013-4317
The _json_decode function in plugins/context_reaction_block.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support the json_decode function, allows remote attackers to execute arbitrary PHP code via unspecified vectors related to Ajax operations, possibly involving eval injection.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
steven_jonescontext
6.x-2.0:x
steven_jonescontext
6.x-2.0:x
steven_jonescontext
6.x-2.0:x
steven_jonescontext
6.x-2.0:x
steven_jonescontext
6.x-2.0:x
steven_jonescontext
6.x-2.0:x
steven_jonescontext
6.x-2.0:x
steven_jonescontext
6.x-2.0:x
steven_jonescontext
6.x-2.0:x
steven_jonescontext
6.x-2.0:x
steven_jonescontext
6.x-2.0:x
steven_jonescontext
6.x-2.0:x
steven_jonescontext
6.x-3.0:x
steven_jonescontext
6.x-3.0:x
steven_jonescontext
6.x-3.0:x
steven_jonescontext
6.x-3.0:x
steven_jonescontext
6.x-3.0:x
steven_jonescontext
6.x-3.0:x
steven_jonescontext
6.x-3.0:x
steven_jonescontext
6.x-3.0:x
steven_jonescontext
6.x-3.0:x
steven_jonescontext
6.x-3.0:x
steven_jonescontext
6.x-3.0:x
steven_jonescontext
6.x-3.0:x
steven_jonescontext
6.x-3.0:x
steven_jonescontext
6.x-3.1:x
steven_jonescontext
6.x-3.x:x
steven_jonescontext
7.x-3.0:x
steven_jonescontext
7.x-3.0:x
steven_jonescontext
7.x-3.0:x
steven_jonescontext
7.x-3.0:x
steven_jonescontext
7.x-3.0:x
steven_jonescontext
7.x-3.0:x
steven_jonescontext
7.x-3.0:x
steven_jonescontext
7.x-3.0:x
steven_jonescontext
7.x-3.0:x
steven_jonescontext
7.x-3.0:x
steven_jonescontext
7.x-3.x:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupalcode.org/project/context.git/commitdiff/63ef4d9
http://drupalcode.org/project/context.git/commitdiff/d7b4afa
http://lists.fedoraproject.org/pipermail/package-announce/2013-November/121433.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-November/122298.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-November/122308.html
https://drupal.org/node/2112785
https://drupal.org/node/2112791
https://drupal.org/node/2113317
http://drupalcode.org/project/context.git/commitdiff/63ef4d9
http://drupalcode.org/project/context.git/commitdiff/d7b4afa
http://lists.fedoraproject.org/pipermail/package-announce/2013-November/121433.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-November/122298.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-November/122308.html
https://drupal.org/node/2112785
https://drupal.org/node/2112791
https://drupal.org/node/2113317