CVE-2024-13297 Eloqua - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-063

Deserialization of Untrusted Data vulnerability in Drupal Eloqua allows Object Injection.This issue affects Eloqua: from 7.X- before 7.X-1.15...

CVE-2024-13296 Mailjet - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-062

Deserialization of Untrusted Data vulnerability in Drupal Mailjet allows Object Injection.This issue affects Mailjet: from 0.0.0 before 4.0.1...

CVE-2024-13296

CVE-2024-13296 describes a Deserialization of Untrusted Data vulnerability in the Drupal Mailjet module, enabling Object Injection. Affected versions are Mailjet 0.0.0 up to (but not including) 4.0.1. The root cause is insecure deserialization within the Mailjet Drupal module, potentially allowin...

CVE-2024-13295 Node export - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-061

Deserialization of Untrusted Data vulnerability in Drupal Node export allows Object Injection.This issue affects Node export: from 7.X- before 7.X-3.3...

CVE-2024-13294 POST File - Critical - Cross Site Scripting, Arbitrary PHP code execution - SA-CONTRIB-2024-060

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal POST File allows Cross-Site Scripting XSS.This issue affects POST File: from 0.0.0 before 1.0.2...

CVE-2024-13294 POST File - Critical - Cross Site Scripting, Arbitrary PHP code execution - SA-CONTRIB-2024-060

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal POST File allows Cross-Site Scripting XSS.This issue affects POST File: from 0.0.0 before 1.0.2...

CVE-2024-13294

CVE-2024-13294 concerns the Drupal POST File module, where improper neutralization of input during web page generation enables Cross-Site Scripting (XSS). Affected versions are 0.0.0 through 1.0.2. The root cause is input handling in the POST File endpoint; exploitation could permit user-controll...

CVE-2024-13288 Monster Menus - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-052

Deserialization of Untrusted Data vulnerability in Drupal Monster Menus allows Object Injection.This issue affects Monster Menus: from 0.0.0 before 9.3.4, from 9.4.0 before 9.4.2...

CVE-2024-13268 Opigno - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-032

Improper Neutralization of Directives in Statically Saved Code 'Static Code Injection' vulnerability in Drupal Opigno allows PHP Local File Inclusion.This issue affects Opigno: from 7.X-1.0 before 7.X-1.23...

CVE-2024-13268

CVE-2024-13268 describes a vulnerability in the Drupal Opigno module where improper neutralization of directives in statically saved code enables PHP Local File Inclusion. Affected versions are Opigno 7.X-1.0 up to but not including 7.X-1.23. The CVE entry indicates a network-accessible flaw with...

CVE-2024-13268 Opigno - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-032

Improper Neutralization of Directives in Statically Saved Code 'Static Code Injection' vulnerability in Drupal Opigno allows PHP Local File Inclusion.This issue affects Opigno: from 7.X-1.0 before 7.X-1.23...

CVE-2024-13267 Opigno TinCan Question Type - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-031

Improper Neutralization of Directives in Statically Saved Code 'Static Code Injection' vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion.This issue affects Opigno TinCan Question Type: from 7.X-1.0 before 7.X-1.3...

CVE-2024-13267

The Drupal Opigno TinCan Question Type module (7.X-1.0 through 7.X-1.3) is affected by SA-CONTRIB-2024-031, describing improper neutralization of directives in statically saved code that enables a static code injection vulnerability. This can allow Remote Code Execution (RCE) and/or Cross Site Sc...

CVE-2024-13267 Opigno TinCan Question Type - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-031

Improper Neutralization of Directives in Statically Saved Code 'Static Code Injection' vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion.This issue affects Opigno TinCan Question Type: from 7.X-1.0 before 7.X-1.3...

CVE-2024-13265

CVE-2024-13265 affects the Opigno Learning Path module used with Drupal. According to the connected documents, the issue is caused by improper neutralization of directives in statically saved code (static code injection), which allows PHP Local File Inclusion and can enable arbitrary code executi...

CVE-2024-13265 Opigno Learning path - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-029

Improper Neutralization of Directives in Statically Saved Code 'Static Code Injection' vulnerability in Drupal Opigno Learning path allows PHP Local File Inclusion.This issue affects Opigno Learning path: from 0.0.0 before 3.1.2...

CVE-2024-13264 Opigno module - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-028

Improper Neutralization of Directives in Statically Saved Code 'Static Code Injection' vulnerability in Drupal Opigno module allows PHP Local File Inclusion.This issue affects Opigno module: from 0.0.0 before 3.1.2...

CVE-2024-13264

The CVE-2024-13264 issue affects the Opigno module used with Drupal, arising from improper neutralization of directives in statically saved code (Static Code Injection) that enables PHP Local File Inclusion. The PT-2024-10353 writeup specifies Opigno versions 0.0.0 through 3.1.2 as vulnerable, wi...

CVE-2024-13263 Opigno group manager - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-027

Improper Neutralization of Directives in Statically Saved Code 'Static Code Injection' vulnerability in Drupal Opigno group manager allows PHP Local File Inclusion.This issue affects Opigno group manager: from 0.0.0 before 3.1.1...

CVE-2024-13263

CVE-2024-13263 affects Opigno group manager (versions 0.0.0 up to 3.1.1). The root cause is improper neutralization of directives in statically saved code (static code injection), which can lead to PHP Local File Inclusion. Several connected sources corroborate that this vulnerability enables arb...