CVE-2010-1546

Severity Score

6.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple eval injection vulnerabilities in the import functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with "administer page manager" privileges, to execute arbitrary PHP code via input to a text area, related to (1) the page_manager_page_import_subtask_validate function in page_manager/plugins/tasks/page.admin.inc and (2) the page_manager_handler_import_validate function in page_manager/page_manager.admin.inc.

Multiples vulnerabilidades en eval (evaluación directa de código dinámico) en la funcionalidad "import" el módulo Chaos Tool Suite (CTools) v6.x en versiones anteriores a la v6.x-1.4 de Drupal; permiten a usuarios remotos autenticados, con privilegios de "administer page manager" (gestor de página administrador), ejecutar código PHP de su elección a través de la entrada a un área de texto; relacionado con (1) la función page_manager_page_import_subtask_validate en page_manager/plugins/tasks/page.admin.inc y (2) la función page_manager_handler_import_validate de page_manager/page_manager.admin.inc.

*Credits: N/A

CVSS Scores

NISTv2 6.0

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-04-26 CVE Reserved
2010-05-21 CVE Published
2024-07-08 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-94: Improper Control of Generation of Code ('Code Injection')

CAPEC

References (10)

URL	Tag	Source
http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?r1=1.27.2.9&r2=1.27.2.10	X_refsource_confirm
http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/page_manager.admin.inc?view=log	X_refsource_confirm
http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?r1=1.18.2.6&r2=1.18.2.7	X_refsource_confirm
http://drupalcode.org/viewvc/drupal/contributions/modules/ctools/page_manager/plugins/tasks/page.admin.inc?view=log	X_refsource_confirm
http://seclists.org/fulldisclosure/2010/May/272	Mailing List
http://www.madirish.net/?article=458	X_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/58723	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://drupal.org/node/803944	2017-08-17
http://www.securityfocus.com/bid/40285	2017-08-17

URL	Date	SRC
http://secunia.com/advisories/39884	2017-08-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Chaos Tool Suite Project Search vendor "Chaos Tool Suite Project"		Ctools Search vendor "Chaos Tool Suite Project" for product "Ctools"				6.x-1.0 Search vendor "Chaos Tool Suite Project" for product "Ctools" and version "6.x-1.0"		drupal		Affected
Chaos Tool Suite Project Search vendor "Chaos Tool Suite Project"		Ctools Search vendor "Chaos Tool Suite Project" for product "Ctools"				6.x-1.0 Search vendor "Chaos Tool Suite Project" for product "Ctools" and version "6.x-1.0"		alpha1, drupal		Affected
Chaos Tool Suite Project Search vendor "Chaos Tool Suite Project"		Ctools Search vendor "Chaos Tool Suite Project" for product "Ctools"				6.x-1.0 Search vendor "Chaos Tool Suite Project" for product "Ctools" and version "6.x-1.0"		alpha2, drupal		Affected
Chaos Tool Suite Project Search vendor "Chaos Tool Suite Project"		Ctools Search vendor "Chaos Tool Suite Project" for product "Ctools"				6.x-1.0 Search vendor "Chaos Tool Suite Project" for product "Ctools" and version "6.x-1.0"		alpha3, drupal		Affected
Chaos Tool Suite Project Search vendor "Chaos Tool Suite Project"		Ctools Search vendor "Chaos Tool Suite Project" for product "Ctools"				6.x-1.0 Search vendor "Chaos Tool Suite Project" for product "Ctools" and version "6.x-1.0"		beta1, drupal		Affected
Chaos Tool Suite Project Search vendor "Chaos Tool Suite Project"		Ctools Search vendor "Chaos Tool Suite Project" for product "Ctools"				6.x-1.0 Search vendor "Chaos Tool Suite Project" for product "Ctools" and version "6.x-1.0"		beta2, drupal		Affected
Chaos Tool Suite Project Search vendor "Chaos Tool Suite Project"		Ctools Search vendor "Chaos Tool Suite Project" for product "Ctools"				6.x-1.0 Search vendor "Chaos Tool Suite Project" for product "Ctools" and version "6.x-1.0"		beta3, drupal		Affected
Chaos Tool Suite Project Search vendor "Chaos Tool Suite Project"		Ctools Search vendor "Chaos Tool Suite Project" for product "Ctools"				6.x-1.0 Search vendor "Chaos Tool Suite Project" for product "Ctools" and version "6.x-1.0"		beta4, drupal		Affected
Chaos Tool Suite Project Search vendor "Chaos Tool Suite Project"		Ctools Search vendor "Chaos Tool Suite Project" for product "Ctools"				6.x-1.0 Search vendor "Chaos Tool Suite Project" for product "Ctools" and version "6.x-1.0"		rc1, drupal		Affected
Chaos Tool Suite Project Search vendor "Chaos Tool Suite Project"		Ctools Search vendor "Chaos Tool Suite Project" for product "Ctools"				6.x-1.1 Search vendor "Chaos Tool Suite Project" for product "Ctools" and version "6.x-1.1"		drupal		Affected
Chaos Tool Suite Project Search vendor "Chaos Tool Suite Project"		Ctools Search vendor "Chaos Tool Suite Project" for product "Ctools"				6.x-1.2 Search vendor "Chaos Tool Suite Project" for product "Ctools" and version "6.x-1.2"		drupal		Affected
Chaos Tool Suite Project Search vendor "Chaos Tool Suite Project"		Ctools Search vendor "Chaos Tool Suite Project" for product "Ctools"				6.x-1.3 Search vendor "Chaos Tool Suite Project" for product "Ctools" and version "6.x-1.3"		drupal		Affected
Chaos Tool Suite Project Search vendor "Chaos Tool Suite Project"		Ctools Search vendor "Chaos Tool Suite Project" for product "Ctools"				6.x-1.x Search vendor "Chaos Tool Suite Project" for product "Ctools" and version "6.x-1.x"		dev, drupal		Affected