CVE-2024-13267

7.5 HIGH

📋 TL;DR

This vulnerability allows attackers to include and execute arbitrary PHP files on Drupal sites using the Opigno TinCan Question Type module. It affects Drupal 7 installations with the vulnerable module versions, potentially leading to remote code execution. Site administrators using affected versions should patch immediately.

💻 Affected Systems

Products:
  • Drupal Opigno TinCan Question Type
Versions: 7.X-1.0 through 7.X-1.2
Operating Systems: All operating systems running Drupal 7
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Drupal 7 with the Opigno TinCan Question Type module installed and enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, and persistent backdoor installation.

🟠 Likely Case: Local file inclusion allowing attackers to read sensitive files, escalate privileges, or execute limited PHP code.

🟢 If Mitigated: Limited impact if proper file permissions and web server restrictions prevent PHP execution from unauthorized directories.

🌐 Internet-Facing: HIGH - Drupal sites are typically internet-facing, and this vulnerability could be exploited remotely.
🏢 Internal Only: MEDIUM - Internal Drupal sites could still be exploited by authenticated users or through other attack vectors.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation likely requires some level of access or social engineering to trigger the vulnerable functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.X-1.3

Vendor Advisory: https://www.drupal.org/sa-contrib-2024-031

Restart Required: No

Instructions:

1. Download version 7.X-1.3 from Drupal.org.
2. Replace the existing Opigno TinCan Question Type module files.
3. Clear Drupal caches via admin/config/development/performance.
4. Verify the module version shows 7.X-1.3.

🔧 Temporary Workarounds

Disable vulnerable module (all)

Temporarily disable the Opigno TinCan Question Type module until patching is possible.

drush dis opigno_tincan_question_type
Or disable via Drupal admin interface at admin/modules

🧯 If You Can't Patch

  • Implement strict file permissions to prevent PHP execution from user-uploaded directories.
  • Use web application firewall rules to block suspicious file inclusion patterns.

🔍 How to Verify

Check if Vulnerable:

Check the module version at admin/modules or via drush: drush pml | grep opigno_tincan_question_type

Check Version:

drush pml --status=enabled --type=module | grep opigno_tincan_question_type

Verify Fix Applied:

Confirm module version is 7.X-1.3 or higher via admin/modules or drush command.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file inclusion attempts in web server logs
  • PHP errors related to file inclusion failures
  • Access to unexpected PHP files via web requests

Network Indicators:

  • HTTP requests with suspicious file paths containing '../' or similar directory traversal patterns

SIEM Query:

web_access_logs WHERE url CONTAINS 'opigno_tincan_question_type' AND (url CONTAINS '../' OR url CONTAINS 'php://' OR url CONTAINS 'file://')
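The SIEM query above is a starting point; as an added example (not part of this advisory), the script below applies the same logic to combined-format web access logs, but URL-decodes each request first so that encoded and double-encoded traversal sequences are not missed. The sample log lines are constructed, and the `file=` parameter name in them is made up for illustration, not the module's real parameter.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Apache/Nginx combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2025:12:00:01 +0000] "GET /sites/all/modules/opigno_tincan_question_type/tincan.js HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2025:12:00:02 +0000] "GET /?q=opigno_tincan_question_type&file=../../../../etc/passwd HTTP/1.1" 200 1820 "-" "curl/8.0"
203.0.113.9 - - [10/Jan/2025:12:00:03 +0000] "GET /opigno_tincan_question_type?file=..%2F..%2Fsettings.php HTTP/1.1" 404 210 "-" "curl/8.0"
198.51.100.2 - - [10/Jan/2025:12:00:04 +0000] "GET /user/login HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Fields of a combined-format line that we need: client IP, request URL, HTTP status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

MODULE_MARKER = "opigno_tincan_question_type"
# Same indicators as the advisory's SIEM query, plus the backslash traversal form.
SUSPICIOUS = ("../", "..\\", "php://", "file://")


def normalize_url(url: str) -> str:
    """Decode twice so single- and double-encoded traversal (..%2F, ..%252F) both surface."""
    return unquote(unquote(url)).lower()


def is_suspicious(url: str) -> bool:
    """True when the request targets the module path AND carries a traversal/wrapper pattern."""
    u = normalize_url(url)
    return MODULE_MARKER in u and any(p in u for p in SUSPICIOUS)


def scan_log(text: str) -> list[tuple[str, str, str]]:
    """Return (client_ip, status, url) for every suspicious request in the log text."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and is_suspicious(m["url"]):
            hits.append((m["ip"], m["status"], m["url"]))
    return hits


if __name__ == "__main__":
    for ip, status, url in scan_log(SAMPLE_LOG):
        print(f"{ip} {status} {url}")
```

Status codes are kept in the output because a burst of 404s against the module path is itself worth a look even when no request succeeded.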
