1. Home
  2. CVE Database
  3. CVE-2013-4446
MEDIUM · 6.8

CVE-2013-4446

The _json_decode function in plugins/context_reaction_block.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support th...

Vulnerability Description

The _json_decode function in plugins/context_reaction_block.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support the json_decode function, allows remote attackers to execute arbitrary PHP code via unspecified vectors related to Ajax operations, possibly involving eval injection.

CVSS Score

6.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
Steven JonesContext6.x-2.0
DrupalDrupal-

Related Weaknesses (CWE)

CWE-94

References

FAQ

What is CVE-2013-4446?

CVE-2013-4446 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The _json_decode function in plugins/context_reaction_block.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support th...

How severe is CVE-2013-4446?

CVE-2013-4446 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-4446?

Check the references section above for vendor advisories and patch information. Affected products include: Steven Jones Context, Drupal Drupal.