VYPR
Critical severity9.0NVD Advisory· Published Jan 8, 2016· Updated Jun 17, 2026

CVE-2015-8761

CVE-2015-8761

Description

The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly check permissions, which allows remote administrators with the "Import value sets" permission to execute arbitrary PHP code via the exported values list in a ctools import.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

11
  • cpe:2.3:a:values_project:values:7.x-1.0:beta1:*:*:*:drupal:*:*+ 9 more
    • cpe:2.3:a:values_project:values:7.x-1.0:beta1:*:*:*:drupal:*:*
    • cpe:2.3:a:values_project:values:7.x-1.0:beta2:*:*:*:drupal:*:*
    • cpe:2.3:a:values_project:values:7.x-1.0:beta3:*:*:*:drupal:*:*
    • cpe:2.3:a:values_project:values:7.x-1.0:*:*:*:*:drupal:*:*
    • cpe:2.3:a:values_project:values:7.x-1.0:rc1:*:*:*:drupal:*:*
    • cpe:2.3:a:values_project:values:7.x-1.0:rc2:*:*:*:drupal:*:*
    • cpe:2.3:a:values_project:values:7.x-1.0:rc3:*:*:*:drupal:*:*
    • cpe:2.3:a:values_project:values:7.x-1.0:rc4:*:*:*:drupal:*:*
    • cpe:2.3:a:values_project:values:7.x-1.0:rc5:*:*:*:drupal:*:*
    • cpe:2.3:a:values_project:values:7.x-1.1:*:*:*:*:drupal:*:*
  • Drupal/Valuesllm-create
    Range: <7.x-1.2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.