{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T13:48:10.137","vulnerabilities":[{"cve":{"id":"CVE-2024-13267","sourceIdentifier":"mlhess@drupal.org","published":"2025-01-09T20:15:35.470","lastModified":"2025-08-27T19:43:43.453","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion.This issue affects Opigno TinCan Question Type: from 7.X-1.0 before 7.X-1.3."},{"lang":"es","value":"La vulnerabilidad de neutralización incorrecta de directivas en código guardado estáticamente ('inyección de código estático') en Drupal Opigno TinCan Question Type permite la inclusión de archivos locales en PHP. Este problema afecta a Opigno TinCan Question Type: desde 7.X-1.0 antes de 7.X-1.3."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-96"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:opigno:tincan_question_type:*:*:*:*:*:drupal:*:*","versionStartIncluding":"7.x-1.0","versionEndExcluding":"7.x-1.3","matchCriteriaId":"7B47C696-F155-40E2-A6A0-D07D58F6F3E0"}]}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2024-031","source":"mlhess@drupal.org","tags":["Third Party Advisory"]}]}}]}