MidnightBSD

Advisories for values_project

CVE-2015-8761 MEDIUM

The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly check permissions, which allows remote administrators with the "Import value sets" permission to execute arbitrary PHP code via the exported values list in a ctools import.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
values_project values 7.x-1.0
values_project values 7.x-1.1