Back to search
CVE-2013-4446
Published: Dec 7, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
The _json_decode function in plugins/context_reaction_block.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support the json_decode function, allows remote attackers to execute arbitrary PHP code via unspecified vectors related to Ajax operations, possibly involving eval injection.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
FEDORA-2013-20965
vendor-advisory
x_refsource_FEDORA
https://drupal.org/node/2113317
x_refsource_CONFIRM
https://drupal.org/node/2112785
x_refsource_CONFIRM
http://drupalcode.org/project/context.git/commitdiff/63ef4d9
x_refsource_CONFIRM
FEDORA-2013-20942
vendor-advisory
x_refsource_FEDORA
http://drupalcode.org/project/context.git/commitdiff/d7b4afa
x_refsource_CONFIRM
FEDORA-2013-20976
vendor-advisory
x_refsource_FEDORA
https://drupal.org/node/2112791
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now