← Back

CVE-2013-4446

nvd nist
Published: Dec 7, 2013Modified: Apr 29, 2026

JSON object

Loading...
6.8
Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploitability: 8.6 / Impact: 6.4
Source: NVD

Description

The _json_decode function in plugins/context_reaction_block.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support the json_decode function, allows remote attackers to execute arbitrary PHP code via unspecified vectors related to Ajax operations, possibly involving eval injection.

Affected (38)

Steven Jones
1 product
Context
Configuration A
38 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Steven Jones
Context
Version 6.x-2.0 alpha1
Context
Version 6.x-2.0 alpha2
Context
Version 6.x-2.0 beta1
Context
Version 6.x-2.0 beta2
Context
Version 6.x-2.0 beta3
Context
Version 6.x-2.0 beta4
Context
Version 6.x-2.0 beta5
Context
Version 6.x-2.0 beta6
Context
Version 6.x-2.0 beta7
Context
Version 6.x-2.0 rc1
Context
Version 6.x-2.0 rc2
Context
Version 6.x-2.0 rc3
Context
Version 6.x-3.0
Context
Version 6.x-3.0 alpha1
Context
Version 6.x-3.0 alpha2
Context
Version 6.x-3.0 beta1
Context
Version 6.x-3.0 beta2
Context
Version 6.x-3.0 beta3
Context
Version 6.x-3.0 beta4
Context
Version 6.x-3.0 beta5
Context
Version 6.x-3.0 beta6
Context
Version 6.x-3.0 beta7
Context
Version 6.x-3.0 beta8
Context
Version 6.x-3.0 rc1
Context
Version 6.x-3.0 rc2
Context
Version 6.x-3.1
Context
Version 6.x-3.x dev
Context
Version 7.x-3.0 alpha1
Context
Version 7.x-3.0 alpha2
Context
Version 7.x-3.0 alpha3
Context
Version 7.x-3.0 beta1
Context
Version 7.x-3.0 beta2
Context
Version 7.x-3.0 beta3
Context
Version 7.x-3.0 beta4
Context
Version 7.x-3.0 beta5
Context
Version 7.x-3.0 beta6
Context
Version 7.x-3.0 beta7
Context
Version 7.x-3.x dev
Running on/withPlatform Versions
Drupal
Drupal
All versions

Related CWEs

CWE-94
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (16)

Source: secalert@redhat.com
Patch
Source: secalert@redhat.com
Patch
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Patch
Source: secalert@redhat.com
Patch
Source: secalert@redhat.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.