6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.8 High
AI Score
Confidence
Low
0.013 Low
EPSS
Percentile
85.6%
The _json_decode function in plugins/context_reaction_block.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support the json_decode function, allows remote attackers to execute arbitrary PHP code via unspecified vectors related to Ajax operations, possibly involving eval injection.
drupalcode.org/project/context.git/commitdiff/63ef4d9
drupalcode.org/project/context.git/commitdiff/d7b4afa
lists.fedoraproject.org/pipermail/package-announce/2013-November/121433.html
lists.fedoraproject.org/pipermail/package-announce/2013-November/122298.html
lists.fedoraproject.org/pipermail/package-announce/2013-November/122308.html
drupal.org/node/2112785
drupal.org/node/2112791
drupal.org/node/2113317