CRITICALπŸ‡΅πŸ‡± Wersja polska

CVE-2024-13264

CVSS 9.8v3.1pub. 2025-01-09upd. 2025-08-27

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno module allows PHP Local File Inclusion.This issue affects Opigno module: from 0.0.0 before 3.1.2.

πŸ€– AI Analysis
How it works

The Opigno module improperly neutralizes directives in statically written code (CWE-96), which allows embedding malicious PHP directives in files saved by the application. Subsequently, an attacker can cause these files to be loaded and executed by the PHP interpreter through a Local File Inclusion mechanism. The attack requires no authentication or user interaction, and the vector is network-based with low complexity.

Impact

An attacker can execute arbitrary PHP code on the server, leading to complete takeover of the application and server, data theft, content modification, and potential lateral movement within the infrastructure.

Mitigation & patch

The Opigno module should be updated to version 3.1.2 or later. Detailed information is available in the official Drupal security bulletin at https://www.drupal.org/sa-contrib-2024-028

Who is affected

Drupal Opigno Module in all versions from 0.0.0 to versions earlier than 3.1.2

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Opigno Module

    APP
    Opigno
    < 3.1.2
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-13265HIGH7.5ten sam vendor

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drup...

CVE-2024-13267HIGH7.5ten sam vendor

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drup...

CVE-2024-13263MEDIUM5.5ten sam vendor

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drup...

CVE-2024-13268MEDIUM6.8ten sam vendor

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drup...

CVE-2024-13264 β€” Opigno β€” Opigno Module β€” CRITICAL β€” CVSS 9.8 | CVEbaza.pl