CVE-2014-3453

17.05.2014, 19:55

Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitrary PHP code via the "Flag import code" text area to admin/structure/flags/import.  NOTE: this issue could also be exploited by other attackers if the administrator ignores a security warning on the permissions assignment page.

Code Injection

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	6.5 UNKNOWN	NETWORK	LOW	AV:N/AC:L/Au:S/C:P/I:P/A:P
mitre	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 57%

Vendor	Product	Version
flag_module_project	flag	𝑥 ≤ 7.x-3.5
flag_module_project	flag	7.x-3.0:x
flag_module_project	flag	7.x-3.0:x
flag_module_project	flag	7.x-3.0:x
flag_module_project	flag	7.x-3.0:x
flag_module_project	flag	7.x-3.0:x
flag_module_project	flag	7.x-3.0:x
flag_module_project	flag	7.x-3.0:x
flag_module_project	flag	7.x-3.1:x
flag_module_project	flag	7.x-3.2:x
flag_module_project	flag	7.x-3.3:x
flag_module_project	flag	7.x-3.4:x
flag_module_project	flag	7.x-3.x:x

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-94 - Improper Control of Generation of Code ('Code Injection')
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References

http://seclists.org/fulldisclosure/2014/May/44

http://www.openwall.com/lists/oss-security/2014/05/12/2

http://www.securityfocus.com/bid/67318

https://bugzilla.redhat.com/show_bug.cgi?id=1096604

http://seclists.org/fulldisclosure/2014/May/44

http://www.openwall.com/lists/oss-security/2014/05/12/2

http://www.securityfocus.com/bid/67318

https://bugzilla.redhat.com/show_bug.cgi?id=1096604