[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-1546Date: (C)2010-05-21   (M)2023-12-22


Multiple eval injection vulnerabilities in the import functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with "administer page manager" privileges, to execute arbitrary PHP code via input to a text area, related to (1) the page_manager_page_import_subtask_validate function in page_manager/plugins/tasks/page.admin.inc and (2) the page_manager_handler_import_validate function in page_manager/page_manager.admin.inc.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.0
Exploit Score: 6.8
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
http://seclists.org/fulldisclosure/2010/May/272
SECUNIA-39884
BID-40285
chaos-tool-import-code-execution(58723)
http://drupal.org/node/803944
http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?r1=1.27.2.9&r2=1.27.2.10
http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?view=log
http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?r1=1.18.2.6&r2=1.18.2.7
http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?view=log
http://www.madirish.net/?article=458

CPE    13
cpe:/a:chaos_tool_suite_project:ctools:6.x-1.0:alpha2:~~~drupal~~
cpe:/a:chaos_tool_suite_project:ctools:6.x-1.0:alpha3:~~~drupal~~
cpe:/a:chaos_tool_suite_project:ctools:6.x-1.2::~~~drupal~~
cpe:/a:chaos_tool_suite_project:ctools:6.x-1.3::~~~drupal~~
...
CWE    1
CWE-94

© SecPod Technologies