Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno group manager…
drupal·CWE-96·Published 2025-01-09
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno group manager allows PHP Local File Inclusion.This issue affects Opigno group manager: from 0.0.0 before 3.1.1.
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno group manager allows PHP Local File Inclusion.This issue affects Opigno group manager: from 0.0.0 before 3.1.1.
The Opigno group manager project is related to Opigno LMS distribution. It allows to build the contents of learning paths, by combining together modules, courses, and other activities, ordering them, and defining conditional rules for the transitions from one step to the next one. An administration form allows execution of arbitrary code. This issue is mitigated by several factors. First, it requires the attacker have the permission "update group learning\_path". Additionally, it requires several steps and depends on other data in the system to be in place.
La vulnerabilidad de neutralización incorrecta de directivas en código guardado estáticamente ('inyección de código estático') en Drupal Opigno group manager permite la inclusión de archivos locales en PHP. Este problema afecta a Opigno group manager: desde la versión 0.0.0 hasta la 3.1.1.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | cve.org | 5.5 | — | — | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L |
| 3.1 | Primary | cve.org | 5.5 | — | — | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L |
| 3.1 | Secondary | NVD | 5.5 | 2.1 | 3.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L |