What is the severity of CVE-2013-4446?

The severity of CVE-2013-4446 is considered critical due to the potential for remote code execution.

How can I fix CVE-2013-4446?

To fix CVE-2013-4446, upgrade to Context module version 6.x-3.2 or 7.x-3.0 and later.

Which versions of the Context module are affected by CVE-2013-4446?

CVE-2013-4446 affects Context module versions 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0.

What exploitation methods are used with CVE-2013-4446?

Exploitation of CVE-2013-4446 can occur through unspecified vectors that allow unauthorized remote PHP code execution.

Are there any known attacks leveraging CVE-2013-4446?

Yes, there are known reports of attacks utilizing CVE-2013-4446 for unauthorized access and remote control of affected systems.

Vulnerability/
CVE-2013-4446

medium

6.8

CWE

7/12/2013

6/8/2024

CVE-2013-4446: Code Injection

First published: Sat Dec 07 2013(Updated: )

The _json_decode function in plugins/context_reaction_block.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support the json_decode function, allows remote attackers to execute arbitrary PHP code via unspecified vectors related to Ajax operations, possibly involving eval injection.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Steven Jones Context	=6.x-2.0-alpha1
Steven Jones Context	=6.x-2.0-alpha2
Steven Jones Context	=6.x-2.0-beta1
Steven Jones Context	=6.x-2.0-beta2
Steven Jones Context	=6.x-2.0-beta3
Steven Jones Context	=6.x-2.0-beta4
Steven Jones Context	=6.x-2.0-beta5
Steven Jones Context	=6.x-2.0-beta6
Steven Jones Context	=6.x-2.0-beta7
Steven Jones Context	=6.x-2.0-rc1
Steven Jones Context	=6.x-2.0-rc2
Steven Jones Context	=6.x-2.0-rc3
Steven Jones Context	=6.x-3.0
Steven Jones Context	=6.x-3.0-alpha1
Steven Jones Context	=6.x-3.0-alpha2
Steven Jones Context	=6.x-3.0-beta1
Steven Jones Context	=6.x-3.0-beta2
Steven Jones Context	=6.x-3.0-beta3
Steven Jones Context	=6.x-3.0-beta4
Steven Jones Context	=6.x-3.0-beta5
Steven Jones Context	=6.x-3.0-beta6
Steven Jones Context	=6.x-3.0-beta7
Steven Jones Context	=6.x-3.0-beta8
Steven Jones Context	=6.x-3.0-rc1
Steven Jones Context	=6.x-3.0-rc2
Steven Jones Context	=6.x-3.1
Steven Jones Context	=6.x-3.x-dev
Steven Jones Context	=7.x-3.0-alpha1
Steven Jones Context	=7.x-3.0-alpha2
Steven Jones Context	=7.x-3.0-alpha3
Steven Jones Context	=7.x-3.0-beta1
Steven Jones Context	=7.x-3.0-beta2
Steven Jones Context	=7.x-3.0-beta3
Steven Jones Context	=7.x-3.0-beta4
Steven Jones Context	=7.x-3.0-beta5
Steven Jones Context	=7.x-3.0-beta6
Steven Jones Context	=7.x-3.0-beta7
Steven Jones Context	=7.x-3.x-dev
Drupal

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-4446?
The severity of CVE-2013-4446 is considered critical due to the potential for remote code execution.
How can I fix CVE-2013-4446?
To fix CVE-2013-4446, upgrade to Context module version 6.x-3.2 or 7.x-3.0 and later.
Which versions of the Context module are affected by CVE-2013-4446?
CVE-2013-4446 affects Context module versions 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0.
What exploitation methods are used with CVE-2013-4446?
Exploitation of CVE-2013-4446 can occur through unspecified vectors that allow unauthorized remote PHP code execution.
Are there any known attacks leveraging CVE-2013-4446?
Yes, there are known reports of attacks utilizing CVE-2013-4446 for unauthorized access and remote control of affected systems.

agent/references
agent/softwarecombine
agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/author
agent/last-modified-date
agent/remedy
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/steven jones
canonical/steven jones context
version/steven jones context/6.x-2.0-alpha1
version/steven jones context/6.x-2.0-alpha2
version/steven jones context/6.x-2.0-beta1
version/steven jones context/6.x-2.0-beta2
version/steven jones context/6.x-2.0-beta3
version/steven jones context/6.x-2.0-beta4
version/steven jones context/6.x-2.0-beta5
version/steven jones context/6.x-2.0-beta6
version/steven jones context/6.x-2.0-beta7
version/steven jones context/6.x-2.0-rc1
version/steven jones context/6.x-2.0-rc2
version/steven jones context/6.x-2.0-rc3
version/steven jones context/6.x-3.0
version/steven jones context/6.x-3.0-alpha1
version/steven jones context/6.x-3.0-alpha2
version/steven jones context/6.x-3.0-beta1
version/steven jones context/6.x-3.0-beta2
version/steven jones context/6.x-3.0-beta3
version/steven jones context/6.x-3.0-beta4
version/steven jones context/6.x-3.0-beta5
version/steven jones context/6.x-3.0-beta6
version/steven jones context/6.x-3.0-beta7
version/steven jones context/6.x-3.0-beta8
version/steven jones context/6.x-3.0-rc1
version/steven jones context/6.x-3.0-rc2
version/steven jones context/6.x-3.1
version/steven jones context/6.x-3.x-dev
version/steven jones context/7.x-3.0-alpha1
version/steven jones context/7.x-3.0-alpha2
version/steven jones context/7.x-3.0-alpha3
version/steven jones context/7.x-3.0-beta1
version/steven jones context/7.x-3.0-beta2
version/steven jones context/7.x-3.0-beta3
version/steven jones context/7.x-3.0-beta4
version/steven jones context/7.x-3.0-beta5
version/steven jones context/7.x-3.0-beta6
version/steven jones context/7.x-3.0-beta7
version/steven jones context/7.x-3.x-dev
vendor/drupal
canonical/drupal

CVE-2013-4446: Code Injection

Remedy

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-4446?

How can I fix CVE-2013-4446?

Which versions of the Context module are affected by CVE-2013-4446?

What exploitation methods are used with CVE-2013-4446?

Are there any known attacks leveraging CVE-2013-4446?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2013-4446?

How can I fix CVE-2013-4446?

Which versions of the Context module are affected by CVE-2013-4446?

What exploitation methods are used with CVE-2013-4446?

Are there any known attacks leveraging CVE-2013-4446?