RCE in Flag_module_project Flag

CVE-2014-3453

Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitrary PHP code via the…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.021 (79.6th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References