Lucene search
PRIOn knowledge basePRION:CVE-2014-3453HistoryMay 17, 2014 - 7:55 p.m.
Design/Logic Flaw
2014-05-1719:55:00
PRIOn knowledge base
www.prio-n.com
4
Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitrary PHP code via the “Flag import code” text area to admin/structure/flags/import. NOTE: this issue could also be exploited by other attackers if the administrator ignores a security warning on the permissions assignment page.
| CPE | Name | Operator | Version |
|---|---|---|---|
| flag | eq | 7.120.31 | |
| flag | eq | 7.x-3.0 alpha1 | |
| flag | eq | <= 7.x-3.5 | |
| flag | eq | 7.120.34 | |
| flag | eq | 7.120.33 | |
| flag | eq | 7.x-3.0 alpha2 | |
| flag | eq | 7.120.32 | |
| flag | eq | 7.x-3.0 rc1 | |
| flag | eq | 7.120.30 | |
| flag | eq | 7.x-3.0 alpha4 |
Related
openvas
openvas
Fedora Update for drupal6-flag FEDORA-2015-0072
2015-01-15 00:00:00
Fedora Update for drupal6-flag FEDORA-2015-0078
2015-01-15 00:00:00
nessus
nessus
Fedora 21 : drupal6-flag-2.1-3.fc21 (2015-0078)
2015-01-15 00:00:00
Fedora 20 : drupal6-flag-2.1-3.fc20 (2015-0072)
2015-01-15 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: drupal6-flag-2.1-3.fc21
2015-01-14 07:30:12
[SECURITY] Fedora 20 Update: drupal6-flag-2.1-3.fc20
2015-01-14 07:25:51
nvd
nvd
CVE-2014-3453
2014-05-17 19:55:03
cve
cve
CVE-2014-3453
2014-05-17 19:55:03
cvelist
cvelist
CVE-2014-3453
2014-05-17 19:00:00
securityvulns
securityvulns