CVE-2013-0224 - OpenCVE

The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Video Project	Video
Drupal	Drupal

Configuration 1 [-]

AND

OR	cpe:2.3:a:video_project:video:7.x-2.0:alpha1::::::
	cpe:2.3:a:video_project:video:7.x-2.0:alpha2::::::
	cpe:2.3:a:video_project:video:7.x-2.0:alpha3::::::
	cpe:2.3:a:video_project:video:7.x-2.0:alpha4::::::
	cpe:2.3:a:video_project:video:7.x-2.0:alpha5::::::
	cpe:2.3:a:video_project:video:7.x-2.0:alpha6::::::
	cpe:2.3:a:video_project:video:7.x-2.1:alpha1::::::
	cpe:2.3:a:video_project:video:7.x-2.1:alpha2::::::
	cpe:2.3:a:video_project:video:7.x-2.1:alpha3::::::
	cpe:2.3:a:video_project:video:7.x-2.2:::::::*
	cpe:2.3:a:video_project:video:7.x-2.2:beta1::::::
	cpe:2.3:a:video_project:video:7.x-2.2:beta2::::::
	cpe:2.3:a:video_project:video:7.x-2.2:beta3::::::
	cpe:2.3:a:video_project:video:7.x-2.2:beta4::::::
	cpe:2.3:a:video_project:video:7.x-2.2:beta5::::::
	cpe:2.3:a:video_project:video:7.x-2.3:::::::*
	cpe:2.3:a:video_project:video:7.x-2.4:::::::*
	cpe:2.3:a:video_project:video:7.x-2.5:::::::*
	cpe:2.3:a:video_project:video:7.x-2.6:::::::*
	cpe:2.3:a:video_project:video:7.x-2.7:::::::*
	cpe:2.3:a:video_project:video:7.x-2.8:::::::*
	cpe:2.3:a:video_project:video:7.x-2.x:dev::::::

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2013/01/25/4
https://drupal.org/node/1895234	Patch
https://drupal.org/node/1896714	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2022-10-03T16:15:03

Updated: 2022-10-03T16:15:03

Reserved: 2022-10-03T00:00:00

Link: CVE-2013-0224

JSON object: View

NVD Information

Status : Analyzed

Published: 2013-03-19T14:55:02.657

Modified: 2013-03-21T04:00:00.000

Link: CVE-2013-0224

JSON object: View

Redhat Information

No data.

CWE

CWE-16

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:15:03", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://drupal.org/node/1896714"}, {"name": "[oss-security] 20130124 Re: CVE request for Drupal contributed modules", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/01/25/4"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://drupal.org/node/1895234"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0224", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://drupal.org/node/1896714", "refsource": "MISC", "url": "https://drupal.org/node/1896714"}, {"name": "[oss-security] 20130124 Re: CVE request for Drupal contributed modules", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/01/25/4"}, {"name": "https://drupal.org/node/1895234", "refsource": "CONFIRM", "url": "https://drupal.org/node/1895234"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-0224", "datePublished": "2022-10-03T16:15:03", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:15:03", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:video_project:video:7.x-2.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "4C73487E-DC48-46B0-A9FE-34B00243B152", "vulnerable": true}, {"criteria": "cpe:2.3:a:video_project:video:7.x-2.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "E7968581-7A5D-48C1-8D22-1189D9DCB022", "vulnerable": true}, {"criteria": "cpe:2.3:a:video_project:video:7.x-2.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "67CC059F-E1EC-486F-A158-0F50E19613F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:video_project:video:7.x-2.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "84E54824-2150-4971-841D-D9158EDE144F", "vulnerable": true}, {"criteria": "cpe:2.3:a:video_project:video:7.x-2.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "49E7D413-1ED9-45C0-AFEB-69D43F0882FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:video_project:video:7.x-2.0:alpha6:*:*:*:*:*:*", "matchCriteriaId": "B01C0D53-8119-4B6B-B5FC-3C09B220650F", "vulnerable": true}, {"criteria": "cpe:2.3:a:video_project:video:7.x-2.1:alpha1:*:*:*:*:*:*", "matchCriteriaId": "8C1A4A6D-3C46-4077-A877-AB051EC6E512", "vulnerable": true}, {"criteria": "cpe:2.3:a:video_project:video:7.x-2.1:alpha2:*:*:*:*:*:*", "matchCriteriaId": "98E3F8F9-F6B2-45C0-BD5A-1BECA69D0BEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:video_project:video:7.x-2.1:alpha3:*:*:*:*:*:*", "matchCriteriaId": "EF8102C2-A4C2-40A5-B627-9C50F3ADBAD7", "vulnerable": true}, {"criteria": "cpe:2.3:a:video_project:video:7.x-2.2:*:*:*:*:*:*:*", "matchCriteriaId": "2A550D31-B13F-4729-87DA-F85212C37D47", "vulnerable": true}, {"criteria": "cpe:2.3:a:video_project:video:7.x-2.2:beta1:*:*:*:*:*:*", "matchCriteriaId": "DC4523CC-2079-4363-9BFE-C9E4400021CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:video_project:video:7.x-2.2:beta2:*:*:*:*:*:*", "matchCriteriaId": "07D49CFF-B8B7-4EE6-8B27-426B1A8FFD0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:video_project:video:7.x-2.2:beta3:*:*:*:*:*:*", "matchCriteriaId": "C36C0CFB-91AE-4DE2-B294-C7DB2699BF8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:video_project:video:7.x-2.2:beta4:*:*:*:*:*:*", "matchCriteriaId": "03342BF1-7AD6-4B2A-A5AC-46802D209F41", "vulnerable": true}, {"criteria": "cpe:2.3:a:video_project:video:7.x-2.2:beta5:*:*:*:*:*:*", "matchCriteriaId": "B37B9248-2055-4131-9934-0A3851986390", "vulnerable": true}, {"criteria": "cpe:2.3:a:video_project:video:7.x-2.3:*:*:*:*:*:*:*", "matchCriteriaId": "AC624276-E249-41DA-B640-9A1CD669A1A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:video_project:video:7.x-2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9AC3334A-77DA-4CBF-9E21-77963A0F2963", "vulnerable": true}, {"criteria": "cpe:2.3:a:video_project:video:7.x-2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B722828A-6E3E-4901-A6A9-C98ABD1F0EED", "vulnerable": true}, {"criteria": "cpe:2.3:a:video_project:video:7.x-2.6:*:*:*:*:*:*:*", "matchCriteriaId": "8931323F-1839-4404-A24E-716F23169B0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:video_project:video:7.x-2.7:*:*:*:*:*:*:*", "matchCriteriaId": "76FCAFA3-D733-448B-B09E-3B531C7A1F3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:video_project:video:7.x-2.8:*:*:*:*:*:*:*", "matchCriteriaId": "A091C84E-BA5C-4CB1-A8B0-49ACD05A4795", "vulnerable": true}, {"criteria": "cpe:2.3:a:video_project:video:7.x-2.x:dev:*:*:*:*:*:*", "matchCriteriaId": "D4AEE76E-6109-40CD-A50C-6588CAE6F76D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file."}, {"lang": "es", "value": "El m\u00f3dulo de v\u00eddeo v7.x-2.x antes v7.x-2.9 para Drupal, cuando utiliza el transcodificador FFmpeg, permite a usuarios locales ejecutar c\u00f3digo PHP arbitrario modificando un archivo temporal PHP."}], "id": "CVE-2013-0224", "lastModified": "2013-03-21T04:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-03-19T14:55:02.657", "references": [{"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/01/25/4"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://drupal.org/node/1895234"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://drupal.org/node/1896714"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-16"}], "source": "nvd@nist.gov", "type": "Primary"}]}