RCE in Flag_module_project Flag
CVE-2014-3453
Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitrary PHP code via the…
Vulnerability class: RCE (Remote Code Execution)
EPSS: 0.021 (79.6th percentile) — read the EPSS interpretation.
Affected products
- Flag_module_project Flag — versions 7.x-3.0, 7.x-3.1, 7.x-3.2
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (vdb-entry, x_refsource_BID)
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (mailing-list, Exploit, x_refsource_FULLDISC)
- cve@mitre.org (mailing-list, x_refsource_MLIST)