CVE-2014-3453 in flag정보

요약

\~에 의해 MITRE

Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitrary PHP code via the "Flag import code" text area to admin/structure/flags/import. NOTE: this issue could also be exploited by other attackers if the administrator ignores a security warning on the permissions assignment page.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

예약하다

2014. 05. 11.

모더레이션

수락

항목

VDB-69720

EPSS

0.02119

출처

Want to stay up to date on a daily basis?

Enable the mail alert feature now!