Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitrary PHP code via the "Flag import code" text area to admin/structure/flags/import. NOTE: this issue could also be exploited by other attackers if the administrator ignores a security warning on the permissions assignment page.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Drupal Flag模块eval注入漏洞
Vulnerability Description
Drupal是Drupal社区所维护的一套用PHP语言开发的免费、开源的内容管理系统。Flag是其中的一个标记模块,该模块可标记任意的节点、评论、用户等内容。 Drupal Flag模块7.x-3.0版本和7.x-3.5及之前版本的includes/flag.export.inc文件中的‘flag_import_form_validate’函数存在eval注入漏洞。远程攻击者可借助‘Flag import code’文本区利用该漏洞执行任意PHP代码。
CVSS Information
N/A
Vulnerability Type
N/A