CVE-2024-13267

{"id": "CVE-2024-13267", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2025-01-09T20:15:35.470", "references": [{"url": "https://www.drupal.org/sa-contrib-2024-031", "tags": ["Third Party Advisory"], "source": "mlhess@drupal.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "mlhess@drupal.org", "description": [{"lang": "en", "value": "CWE-96"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion.This issue affects Opigno TinCan Question Type: from 7.X-1.0 before 7.X-1.3."}, {"lang": "es", "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de directivas en c\u00f3digo guardado est\u00e1ticamente ('inyecci\u00f3n de c\u00f3digo est\u00e1tico') en Drupal Opigno TinCan Question Type permite la inclusi\u00f3n de archivos locales en PHP. Este problema afecta a Opigno TinCan Question Type: desde 7.X-1.0 antes de 7.X-1.3."}], "lastModified": "2025-08-27T19:43:43.453", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opigno:tincan_question_type:*:*:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "7B47C696-F155-40E2-A6A0-D07D58F6F3E0", "versionEndExcluding": "7.x-1.3", "versionStartIncluding": "7.x-1.0"}], "operator": "OR"}]}], "sourceIdentifier": "mlhess@drupal.org"}