Vulnerabilities related to spip - spip
cve-2006-0519
Vulnerability from cvelistv5
Published
2006-02-02 11:00
Modified
2024-08-07 16:41
Severity ?
Summary
SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:41:28.417Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zone-h.org/en/advisories/read/id=8650/"
          },
          {
            "name": "18676",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18676"
          },
          {
            "name": "ADV-2006-0398",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0398"
          },
          {
            "name": "spip-incmessforum-path-disclosure(24399)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24399"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-01-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zone-h.org/en/advisories/read/id=8650/"
        },
        {
          "name": "18676",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18676"
        },
        {
          "name": "ADV-2006-0398",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0398"
        },
        {
          "name": "spip-incmessforum-path-disclosure(24399)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24399"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0519",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.zone-h.org/en/advisories/read/id=8650/",
              "refsource": "MISC",
              "url": "http://www.zone-h.org/en/advisories/read/id=8650/"
            },
            {
              "name": "18676",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18676"
            },
            {
              "name": "ADV-2006-0398",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0398"
            },
            {
              "name": "spip-incmessforum-path-disclosure(24399)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24399"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0519",
    "datePublished": "2006-02-02T11:00:00",
    "dateReserved": "2006-02-02T00:00:00",
    "dateUpdated": "2024-08-07T16:41:28.417Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-4331
Vulnerability from cvelistv5
Published
2012-08-14 22:00
Modified
2024-09-16 16:33
Severity ?
Summary
Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 have unknown impact and attack vectors that are not related to cross-site scripting (XSS), different vulnerabilities than CVE-2012-2151.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:35:08.869Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1026970",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026970"
          },
          {
            "name": "[Spip-en] 20120423 New stable releases SPIP 1.9.2o, 2.0.18 et 2.1.13 are availables",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://archives.rezo.net/archives/spip-en.mbox/U5QUZ6WJRAJC7H5BR7W5SQG6WCD3PXL7/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 have unknown impact and attack vectors that are not related to cross-site scripting (XSS), different vulnerabilities than CVE-2012-2151."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-08-14T22:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1026970",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026970"
        },
        {
          "name": "[Spip-en] 20120423 New stable releases SPIP 1.9.2o, 2.0.18 et 2.1.13 are availables",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://archives.rezo.net/archives/spip-en.mbox/U5QUZ6WJRAJC7H5BR7W5SQG6WCD3PXL7/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-4331",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 have unknown impact and attack vectors that are not related to cross-site scripting (XSS), different vulnerabilities than CVE-2012-2151."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1026970",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026970"
            },
            {
              "name": "[Spip-en] 20120423 New stable releases SPIP 1.9.2o, 2.0.18 et 2.1.13 are availables",
              "refsource": "MLIST",
              "url": "http://archives.rezo.net/archives/spip-en.mbox/U5QUZ6WJRAJC7H5BR7W5SQG6WCD3PXL7/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-4331",
    "datePublished": "2012-08-14T22:00:00Z",
    "dateReserved": "2012-08-14T00:00:00Z",
    "dateUpdated": "2024-09-16T16:33:40.135Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-16394
Vulnerability from cvelistv5
Published
2019-09-17 20:47
Modified
2024-08-05 01:17
Severity ?
Summary
SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:17:39.584Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://core.spip.net/issues/4171"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://zone.spip.net/trac/spip-zone/changeset/117577/spip-zone"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://zone.spip.net/trac/spip-zone/changeset/117578/spip-zone"
          },
          {
            "name": "20190925 [SECURITY] [DSA 4532-1] spip security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Sep/40"
          },
          {
            "name": "DSA-4532",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4532"
          },
          {
            "name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html"
          },
          {
            "name": "USN-4536-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4536-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-28T17:06:19",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://core.spip.net/issues/4171"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://zone.spip.net/trac/spip-zone/changeset/117577/spip-zone"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://zone.spip.net/trac/spip-zone/changeset/117578/spip-zone"
        },
        {
          "name": "20190925 [SECURITY] [DSA 4532-1] spip security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Sep/40"
        },
        {
          "name": "DSA-4532",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4532"
        },
        {
          "name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html"
        },
        {
          "name": "USN-4536-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4536-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-16394",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html",
              "refsource": "MISC",
              "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html"
            },
            {
              "name": "https://core.spip.net/issues/4171",
              "refsource": "MISC",
              "url": "https://core.spip.net/issues/4171"
            },
            {
              "name": "https://zone.spip.net/trac/spip-zone/changeset/117577/spip-zone",
              "refsource": "MISC",
              "url": "https://zone.spip.net/trac/spip-zone/changeset/117577/spip-zone"
            },
            {
              "name": "https://zone.spip.net/trac/spip-zone/changeset/117578/spip-zone",
              "refsource": "MISC",
              "url": "https://zone.spip.net/trac/spip-zone/changeset/117578/spip-zone"
            },
            {
              "name": "20190925 [SECURITY] [DSA 4532-1] spip security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Sep/40"
            },
            {
              "name": "DSA-4532",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4532"
            },
            {
              "name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html"
            },
            {
              "name": "USN-4536-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4536-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-16394",
    "datePublished": "2019-09-17T20:47:50",
    "dateReserved": "2019-09-17T00:00:00",
    "dateUpdated": "2024-08-05T01:17:39.584Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-7303
Vulnerability from cvelistv5
Published
2014-01-30 21:00
Modified
2024-08-06 18:01
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:01:20.570Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "56381",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/56381"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://core.spip.org/projects/spip/repository/revisions/20902"
          },
          {
            "name": "spip-cve20137303-xss(90643)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90643"
          },
          {
            "name": "1029703",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029703"
          },
          {
            "name": "[oss-security] 20140120 Re: CVE request: spip: cross-site scripting vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q1/128"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.spip.net/fr_article5665.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://zone.spip.org/trac/spip-zone/changeset/77768"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.spip.net/fr_article5648.html"
          },
          {
            "name": "[oss-security] 20140120 CVE request: spip: cross-site scripting vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q1/123"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-01-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "56381",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/56381"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://core.spip.org/projects/spip/repository/revisions/20902"
        },
        {
          "name": "spip-cve20137303-xss(90643)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90643"
        },
        {
          "name": "1029703",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029703"
        },
        {
          "name": "[oss-security] 20140120 Re: CVE request: spip: cross-site scripting vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q1/128"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.spip.net/fr_article5665.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://zone.spip.org/trac/spip-zone/changeset/77768"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.spip.net/fr_article5648.html"
        },
        {
          "name": "[oss-security] 20140120 CVE request: spip: cross-site scripting vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q1/123"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2013-7303",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "56381",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/56381"
            },
            {
              "name": "http://core.spip.org/projects/spip/repository/revisions/20902",
              "refsource": "CONFIRM",
              "url": "http://core.spip.org/projects/spip/repository/revisions/20902"
            },
            {
              "name": "spip-cve20137303-xss(90643)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90643"
            },
            {
              "name": "1029703",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029703"
            },
            {
              "name": "[oss-security] 20140120 Re: CVE request: spip: cross-site scripting vulnerability",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2014/q1/128"
            },
            {
              "name": "http://www.spip.net/fr_article5665.html",
              "refsource": "CONFIRM",
              "url": "http://www.spip.net/fr_article5665.html"
            },
            {
              "name": "http://zone.spip.org/trac/spip-zone/changeset/77768",
              "refsource": "CONFIRM",
              "url": "http://zone.spip.org/trac/spip-zone/changeset/77768"
            },
            {
              "name": "http://www.spip.net/fr_article5648.html",
              "refsource": "CONFIRM",
              "url": "http://www.spip.net/fr_article5648.html"
            },
            {
              "name": "[oss-security] 20140120 CVE request: spip: cross-site scripting vulnerability",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2014/q1/123"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2013-7303",
    "datePublished": "2014-01-30T21:00:00",
    "dateReserved": "2014-01-20T00:00:00",
    "dateUpdated": "2024-08-06T18:01:20.570Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-7999
Vulnerability from cvelistv5
Published
2017-01-18 17:00
Modified
2024-08-06 02:13
Severity ?
Summary
ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:13:21.810Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "93451",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93451"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://core.spip.net/projects/spip/repository/revisions/23193"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://core.spip.net/projects/spip/repository/revisions/23188"
          },
          {
            "name": "[oss-security] 20161007 Re: SPIP vulnerabilities: request for 5 CVE",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/10/07/5"
          },
          {
            "name": "[oss-security] 20161008 Re: SPIP vulnerabilities: request for 5 CVE",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/10/08/6"
          },
          {
            "name": "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17"
          },
          {
            "name": "[oss-security] 20161012 CVE-2016-7999: SPIP 3.1.2 Server Side Request Forgery",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/10/12/10"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-server-side-request-forgery-cve-2016-7999/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-23T01:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "93451",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93451"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://core.spip.net/projects/spip/repository/revisions/23193"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://core.spip.net/projects/spip/repository/revisions/23188"
        },
        {
          "name": "[oss-security] 20161007 Re: SPIP vulnerabilities: request for 5 CVE",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/10/07/5"
        },
        {
          "name": "[oss-security] 20161008 Re: SPIP vulnerabilities: request for 5 CVE",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/10/08/6"
        },
        {
          "name": "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17"
        },
        {
          "name": "[oss-security] 20161012 CVE-2016-7999: SPIP 3.1.2 Server Side Request Forgery",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/10/12/10"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-server-side-request-forgery-cve-2016-7999/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-7999",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "93451",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93451"
            },
            {
              "name": "https://core.spip.net/projects/spip/repository/revisions/23193",
              "refsource": "CONFIRM",
              "url": "https://core.spip.net/projects/spip/repository/revisions/23193"
            },
            {
              "name": "https://core.spip.net/projects/spip/repository/revisions/23188",
              "refsource": "CONFIRM",
              "url": "https://core.spip.net/projects/spip/repository/revisions/23188"
            },
            {
              "name": "[oss-security] 20161007 Re: SPIP vulnerabilities: request for 5 CVE",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/10/07/5"
            },
            {
              "name": "[oss-security] 20161008 Re: SPIP vulnerabilities: request for 5 CVE",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/10/08/6"
            },
            {
              "name": "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17"
            },
            {
              "name": "[oss-security] 20161012 CVE-2016-7999: SPIP 3.1.2 Server Side Request Forgery",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/10/12/10"
            },
            {
              "name": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-server-side-request-forgery-cve-2016-7999/",
              "refsource": "MISC",
              "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-server-side-request-forgery-cve-2016-7999/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-7999",
    "datePublished": "2017-01-18T17:00:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-06T02:13:21.810Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-4556
Vulnerability from cvelistv5
Published
2013-11-15 18:16
Modified
2024-08-06 16:45
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the url_site parameter.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:15.144Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-2794",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2013/dsa-2794"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://core.spip.org/projects/spip/repository/revisions/20880"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.spip.net/fr_article5646.html"
          },
          {
            "name": "1029317",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029317"
          },
          {
            "name": "[oss-security] 20131110 Re: CVE Request: multiple vulnerabilities in spip",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/11/10/4"
          },
          {
            "name": "55551",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55551"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.spip.net/fr_article5648.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://core.spip.org/projects/spip/repository/revisions/20879"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-11-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the url_site parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-06T13:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "DSA-2794",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2013/dsa-2794"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://core.spip.org/projects/spip/repository/revisions/20880"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.spip.net/fr_article5646.html"
        },
        {
          "name": "1029317",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029317"
        },
        {
          "name": "[oss-security] 20131110 Re: CVE Request: multiple vulnerabilities in spip",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/11/10/4"
        },
        {
          "name": "55551",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55551"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.spip.net/fr_article5648.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://core.spip.org/projects/spip/repository/revisions/20879"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4556",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the url_site parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-2794",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2013/dsa-2794"
            },
            {
              "name": "http://core.spip.org/projects/spip/repository/revisions/20880",
              "refsource": "CONFIRM",
              "url": "http://core.spip.org/projects/spip/repository/revisions/20880"
            },
            {
              "name": "http://www.spip.net/fr_article5646.html",
              "refsource": "CONFIRM",
              "url": "http://www.spip.net/fr_article5646.html"
            },
            {
              "name": "1029317",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029317"
            },
            {
              "name": "[oss-security] 20131110 Re: CVE Request: multiple vulnerabilities in spip",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/11/10/4"
            },
            {
              "name": "55551",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55551"
            },
            {
              "name": "http://www.spip.net/fr_article5648.html",
              "refsource": "CONFIRM",
              "url": "http://www.spip.net/fr_article5648.html"
            },
            {
              "name": "http://core.spip.org/projects/spip/repository/revisions/20879",
              "refsource": "CONFIRM",
              "url": "http://core.spip.org/projects/spip/repository/revisions/20879"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4556",
    "datePublished": "2013-11-15T18:16:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:45:15.144Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-0517
Vulnerability from cvelistv5
Published
2006-02-02 11:00
Modified
2024-08-07 16:41
Severity ?
Summary
Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id_forum, (2) id_article, or (3) id_breve parameters to forum.php3; (4) unspecified vectors related to "session handling"; and (5) when posting "petitions".
References
http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0990.html - mailing-list, x_refsource_FULLDISC
http://www.securityfocus.com/bid/16458 - vdb-entry, x_refsource_BID
http://www.osvdb.org/22845 - vdb-entry, x_refsource_OSVDB
http://www.osvdb.org/22848 - vdb-entry, x_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/24397 - vdb-entry, x_refsource_XF
http://www.zone-h.org/en/advisories/read/id=8650/ - x_refsource_MISC
http://www.osvdb.org/22844 - vdb-entry, x_refsource_OSVDB
http://securitytracker.com/id?1015556 - vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/24397 - vdb-entry, x_refsource_BID
http://secunia.com/advisories/18676 - third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/423655/100/0/threaded - mailing-list, x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2006/0398 - vdb-entry, x_refsource_VUPEN
http://securityreason.com/securityalert/395 - third-party-advisory, x_refsource_SREASON
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:41:27.540Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20060131 ZRCSA-200601: SPIP - Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0990.html"
          },
          {
            "name": "16458",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16458"
          },
          {
            "name": "22845",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/22845"
          },
          {
            "name": "22848",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/22848"
          },
          {
            "name": "spip-forum-sql-injection(24397)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24397"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zone-h.org/en/advisories/read/id=8650/"
          },
          {
            "name": "22844",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/22844"
          },
          {
            "name": "1015556",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015556"
          },
          {
            "name": "24397",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24397"
          },
          {
            "name": "18676",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18676"
          },
          {
            "name": "20060131 ZRCSA-200601: SPIP - Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/423655/100/0/threaded"
          },
          {
            "name": "ADV-2006-0398",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0398"
          },
          {
            "name": "395",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/395"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-01-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id_forum, (2) id_article, or (3) id_breve parameters to forum.php3; (4) unspecified vectors related to \"session handling\"; and (5) when posting \"petitions\"."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20060131 ZRCSA-200601: SPIP - Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0990.html"
        },
        {
          "name": "16458",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16458"
        },
        {
          "name": "22845",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/22845"
        },
        {
          "name": "22848",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/22848"
        },
        {
          "name": "spip-forum-sql-injection(24397)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24397"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zone-h.org/en/advisories/read/id=8650/"
        },
        {
          "name": "22844",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/22844"
        },
        {
          "name": "1015556",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015556"
        },
        {
          "name": "24397",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24397"
        },
        {
          "name": "18676",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18676"
        },
        {
          "name": "20060131 ZRCSA-200601: SPIP - Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/423655/100/0/threaded"
        },
        {
          "name": "ADV-2006-0398",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0398"
        },
        {
          "name": "395",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/395"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0517",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id_forum, (2) id_article, or (3) id_breve parameters to forum.php3; (4) unspecified vectors related to \"session handling\"; and (5) when posting \"petitions\"."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060131 ZRCSA-200601: SPIP - Multiple Vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0990.html"
            },
            {
              "name": "16458",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16458"
            },
            {
              "name": "22845",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/22845"
            },
            {
              "name": "22848",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/22848"
            },
            {
              "name": "spip-forum-sql-injection(24397)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24397"
            },
            {
              "name": "http://www.zone-h.org/en/advisories/read/id=8650/",
              "refsource": "MISC",
              "url": "http://www.zone-h.org/en/advisories/read/id=8650/"
            },
            {
              "name": "22844",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/22844"
            },
            {
              "name": "1015556",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015556"
            },
            {
              "name": "24397",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24397"
            },
            {
              "name": "18676",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18676"
            },
            {
              "name": "20060131 ZRCSA-200601: SPIP - Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/423655/100/0/threaded"
            },
            {
              "name": "ADV-2006-0398",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0398"
            },
            {
              "name": "395",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/395"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0517",
    "datePublished": "2006-02-02T11:00:00",
    "dateReserved": "2006-02-02T00:00:00",
    "dateUpdated": "2024-08-07T16:41:27.540Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-26846
Vulnerability from cvelistv5
Published
2022-03-10 04:58
Modified
2024-08-03 05:11
Severity ?
Summary
SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:11:44.562Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-security-announce/2022/msg00060.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2"
          },
          {
            "name": "[debian-lts-announce] 20220315 [SECURITY] [DLA 2949-1] spip security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-15T12:06:16",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.debian.org/debian-security-announce/2022/msg00060.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2"
        },
        {
          "name": "[debian-lts-announce] 20220315 [SECURITY] [DLA 2949-1] spip security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-26846",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.debian.org/debian-security-announce/2022/msg00060.html",
              "refsource": "MISC",
              "url": "https://lists.debian.org/debian-security-announce/2022/msg00060.html"
            },
            {
              "name": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html",
              "refsource": "MISC",
              "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html"
            },
            {
              "name": "https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2",
              "refsource": "MISC",
              "url": "https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2"
            },
            {
              "name": "[debian-lts-announce] 20220315 [SECURITY] [DLA 2949-1] spip security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-26846",
    "datePublished": "2022-03-10T04:58:29",
    "dateReserved": "2022-03-10T00:00:00",
    "dateUpdated": "2024-08-03T05:11:44.562Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8517
Vulnerability from cvelistv5
Published
2024-09-06 15:55
Modified
2024-09-09 15:49
Severity ?
Summary
SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.
Impacted products
Vendor Product Version
SPIP SPIP Version: 4.3.0 ≤ 4.3.1
Version: 4.2.0 ≤ 4.2.15
Version: 4.1.0 ≤ 4.1.18


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "spip",
            "vendor": "spip",
            "versions": [
              {
                "lessThanOrEqual": "4.3.1",
                "status": "affected",
                "version": "4.3.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "4.2.15",
                "status": "affected",
                "version": "4.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.1.18",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8517",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-06T20:29:04.243583Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-06T20:30:45.388Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SPIP",
          "vendor": "SPIP",
          "versions": [
            {
              "lessThanOrEqual": "4.3.1",
              "status": "affected",
              "version": "4.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.2.15",
              "status": "affected",
              "version": "4.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.1.18",
              "status": "affected",
              "version": "4.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Louka Jacques-Chevallier"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Arthur Deloffre"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "SPIP before 4.3.2, 4.2.16, and \n4.1.18 is vulnerable to a command injection issue. A \nremote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.\u003cbr\u003e"
            }
          ],
          "value": "SPIP before 4.3.2, 4.2.16, and \n4.1.18 is vulnerable to a command injection issue. A \nremote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-88",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-88 OS Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-646",
              "description": "CWE-646: Reliance on File Name or Extension of Externally-Supplied File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-09T15:49:22.874Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "technical-description"
          ],
          "url": "https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_2_a_big_upload/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-2-SPIP-4-2-16-SPIP-4-1-18.html"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vulncheck.com/advisories/spip-upload-rce"
        },
        {
          "tags": [
            "exploit",
            "technical-description"
          ],
          "url": "https://vozec.fr/researchs/spip-preauth-rce-2024-big-upload/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "SPIP Bigup Multipart File Upload OS Command Injection",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2024-8517",
    "datePublished": "2024-09-06T15:55:35.349Z",
    "dateReserved": "2024-09-06T14:37:41.755Z",
    "dateUpdated": "2024-09-09T15:49:22.874Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-28961
Vulnerability from cvelistv5
Published
2022-05-19 20:26
Modified
2024-08-03 06:10
Severity ?
Summary
Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:10:57.557Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-19T20:26:16",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-28961",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/",
              "refsource": "MISC",
              "url": "https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/"
            },
            {
              "name": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html",
              "refsource": "MISC",
              "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html"
            },
            {
              "name": "https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/",
              "refsource": "MISC",
              "url": "https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/"
            },
            {
              "name": "https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4",
              "refsource": "MISC",
              "url": "https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4"
            },
            {
              "name": "https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf",
              "refsource": "MISC",
              "url": "https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-28961",
    "datePublished": "2022-05-19T20:26:16",
    "dateReserved": "2022-04-11T00:00:00",
    "dateUpdated": "2024-08-03T06:10:57.557Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-0626
Vulnerability from cvelistv5
Published
2006-02-09 18:00
Modified
2024-08-07 16:41
Severity ?
Summary
SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and earlier allows remote attackers to execute arbitrary SQL commands via the file parameter.
References
http://www.securityfocus.com/bid/16551 (vdb-entry, x_refsource_BID)
http://www.osvdb.org/23087 (vdb-entry, x_refsource_OSVDB)
http://www.vupen.com/english/advisories/2006/0483 (vdb-entry, x_refsource_VUPEN)
http://secunia.com/advisories/18676 (third-party-advisory, x_refsource_SECUNIA)
http://securitytracker.com/id?1015602 (vdb-entry, x_refsource_SECTRACK)
http://retrogod.altervista.org/spip_182g_shell_inj_xpl.html (x_refsource_MISC)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24599 (vdb-entry, x_refsource_XF)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:41:28.992Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "16551",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16551"
          },
          {
            "name": "23087",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/23087"
          },
          {
            "name": "ADV-2006-0483",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0483"
          },
          {
            "name": "18676",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18676"
          },
          {
            "name": "1015602",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015602"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://retrogod.altervista.org/spip_182g_shell_inj_xpl.html"
          },
          {
            "name": "spip-access-doc-sql-injection(24599)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24599"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-02-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and earlier allows remote attackers to execute arbitrary SQL commands via the file parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "16551",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16551"
        },
        {
          "name": "23087",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/23087"
        },
        {
          "name": "ADV-2006-0483",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0483"
        },
        {
          "name": "18676",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18676"
        },
        {
          "name": "1015602",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015602"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://retrogod.altervista.org/spip_182g_shell_inj_xpl.html"
        },
        {
          "name": "spip-access-doc-sql-injection(24599)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24599"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0626",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and earlier allows remote attackers to execute arbitrary SQL commands via the file parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "16551",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16551"
            },
            {
              "name": "23087",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/23087"
            },
            {
              "name": "ADV-2006-0483",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0483"
            },
            {
              "name": "18676",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18676"
            },
            {
              "name": "1015602",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015602"
            },
            {
              "name": "http://retrogod.altervista.org/spip_182g_shell_inj_xpl.html",
              "refsource": "MISC",
              "url": "http://retrogod.altervista.org/spip_182g_shell_inj_xpl.html"
            },
            {
              "name": "spip-access-doc-sql-injection(24599)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24599"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0626",
    "datePublished": "2006-02-09T18:00:00",
    "dateReserved": "2006-02-09T00:00:00",
    "dateUpdated": "2024-08-07T16:41:28.992Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-9736
Vulnerability from cvelistv5
Published
2017-06-17 16:00
Modified
2024-08-05 17:18
Severity ?
Summary
SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote attacker to cause remote code execution.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:18:01.323Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3890",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3890"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://core.spip.net/projects/spip/repository/revisions/23593"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://contrib.spip.net/CRITICAL-security-update-SPIP-3-1-6-and-SPIP-3-2-Beta"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://core.spip.net/projects/spip/repository/revisions/23594"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-06-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote attacker to cause remote code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-3890",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3890"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://core.spip.net/projects/spip/repository/revisions/23593"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://contrib.spip.net/CRITICAL-security-update-SPIP-3-1-6-and-SPIP-3-2-Beta"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://core.spip.net/projects/spip/repository/revisions/23594"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-9736",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote attacker to cause remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3890",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3890"
            },
            {
              "name": "https://core.spip.net/projects/spip/repository/revisions/23593",
              "refsource": "CONFIRM",
              "url": "https://core.spip.net/projects/spip/repository/revisions/23593"
            },
            {
              "name": "https://contrib.spip.net/CRITICAL-security-update-SPIP-3-1-6-and-SPIP-3-2-Beta",
              "refsource": "CONFIRM",
              "url": "https://contrib.spip.net/CRITICAL-security-update-SPIP-3-1-6-and-SPIP-3-2-Beta"
            },
            {
              "name": "https://core.spip.net/projects/spip/repository/revisions/23594",
              "refsource": "CONFIRM",
              "url": "https://core.spip.net/projects/spip/repository/revisions/23594"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-9736",
    "datePublished": "2017-06-17T16:00:00",
    "dateReserved": "2017-06-17T00:00:00",
    "dateUpdated": "2024-08-05T17:18:01.323Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-16393
Vulnerability from cvelistv5
Published
2019-09-17 20:48
Modified
2024-08-05 01:17
Severity ?
Summary
SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character (the URL-encoded carriage return, line feed, and space).
Impacted products
Vendor Product Version
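n/a n/a Version: n/a (this record carries no structured vendor, product or version data; the affected versions appear only in the summary text)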


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:17:39.423Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://core.spip.net/issues/4362"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.spip.net/SPIP/spip/commit/0b832408b0aabd5b94a81e261e9413c0f31a19f1"
          },
          {
            "name": "20190925 [SECURITY] [DSA 4532-1] spip security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Sep/40"
          },
          {
            "name": "DSA-4532",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4532"
          },
          {
            "name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html"
          },
          {
            "name": "USN-4536-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4536-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-28T17:06:18",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://core.spip.net/issues/4362"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.spip.net/SPIP/spip/commit/0b832408b0aabd5b94a81e261e9413c0f31a19f1"
        },
        {
          "name": "20190925 [SECURITY] [DSA 4532-1] spip security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Sep/40"
        },
        {
          "name": "DSA-4532",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4532"
        },
        {
          "name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html"
        },
        {
          "name": "USN-4536-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4536-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-16393",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html",
              "refsource": "MISC",
              "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html"
            },
            {
              "name": "https://core.spip.net/issues/4362",
              "refsource": "MISC",
              "url": "https://core.spip.net/issues/4362"
            },
            {
              "name": "https://git.spip.net/SPIP/spip/commit/0b832408b0aabd5b94a81e261e9413c0f31a19f1",
              "refsource": "MISC",
              "url": "https://git.spip.net/SPIP/spip/commit/0b832408b0aabd5b94a81e261e9413c0f31a19f1"
            },
            {
              "name": "20190925 [SECURITY] [DSA 4532-1] spip security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Sep/40"
            },
            {
              "name": "DSA-4532",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4532"
            },
            {
              "name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html"
            },
            {
              "name": "USN-4536-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4536-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-16393",
    "datePublished": "2019-09-17T20:48:04",
    "dateReserved": "2019-09-17T00:00:00",
    "dateUpdated": "2024-08-05T01:17:39.423Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-52322
Vulnerability from cvelistv5
Published
2024-01-04 00:00
Modified
2024-08-02 22:55
Severity ?
Summary
ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:55:41.698Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.spip.net/spip/spip/commit/e90f5344b8c82711053053e778d38a35e42b7bcb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-2-7-SPIP-4-1-13.html?lang=fr"
          },
          {
            "name": "[debian-lts-announce] 20240315 [SECURITY] [DLA 3761-1] spip security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00014.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-15T16:05:59.341541",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://git.spip.net/spip/spip/commit/e90f5344b8c82711053053e778d38a35e42b7bcb"
        },
        {
          "url": "https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-2-7-SPIP-4-1-13.html?lang=fr"
        },
        {
          "name": "[debian-lts-announce] 20240315 [SECURITY] [DLA 3761-1] spip security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00014.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-52322",
    "datePublished": "2024-01-04T00:00:00",
    "dateReserved": "2024-01-04T00:00:00",
    "dateUpdated": "2024-08-02T22:55:41.698Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-9997
Vulnerability from cvelistv5
Published
2016-12-17 03:34
Modified
2024-08-06 03:07
Severity ?
Summary
SPIP 3.1.x is affected by a reflected cross-site scripting (XSS) vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:07:31.791Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "95008",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95008"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://core.spip.net/projects/spip/repository/revisions/23288"
          },
          {
            "name": "1037486",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037486"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-12-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-26T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "95008",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95008"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://core.spip.net/projects/spip/repository/revisions/23288"
        },
        {
          "name": "1037486",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037486"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9997",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "95008",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95008"
            },
            {
              "name": "https://core.spip.net/projects/spip/repository/revisions/23288",
              "refsource": "CONFIRM",
              "url": "https://core.spip.net/projects/spip/repository/revisions/23288"
            },
            {
              "name": "1037486",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037486"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9997",
    "datePublished": "2016-12-17T03:34:00",
    "dateReserved": "2016-12-16T00:00:00",
    "dateUpdated": "2024-08-06T03:07:31.791Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-9152
Vulnerability from cvelistv5
Published
2016-12-05 18:00
Modified
2024-08-06 02:42
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:42:11.120Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94658",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94658"
          },
          {
            "name": "1037392",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037392"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://core.spip.net/projects/spip/repository/revisions/23290"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-12-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-27T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "94658",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94658"
        },
        {
          "name": "1037392",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037392"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://core.spip.net/projects/spip/repository/revisions/23290"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9152",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94658",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94658"
            },
            {
              "name": "1037392",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037392"
            },
            {
              "name": "https://core.spip.net/projects/spip/repository/revisions/23290",
              "refsource": "CONFIRM",
              "url": "https://core.spip.net/projects/spip/repository/revisions/23290"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9152",
    "datePublished": "2016-12-05T18:00:00",
    "dateReserved": "2016-11-03T00:00:00",
    "dateUpdated": "2024-08-06T02:42:11.120Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-3153
Vulnerability from cvelistv5
Published
2016-04-08 14:00
Modified
2024-08-05 23:47
Severity ?
Summary
SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:47:57.383Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://core.spip.net/projects/spip/repository/revisions/22911"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-1-SPIP-3-0-22-et-SPIP-2-1.html?lang=fr"
          },
          {
            "name": "DSA-3518",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3518"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-04-08T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://core.spip.net/projects/spip/repository/revisions/22911"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-1-SPIP-3-0-22-et-SPIP-2-1.html?lang=fr"
        },
        {
          "name": "DSA-3518",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3518"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-3153",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://core.spip.net/projects/spip/repository/revisions/22911",
              "refsource": "CONFIRM",
              "url": "https://core.spip.net/projects/spip/repository/revisions/22911"
            },
            {
              "name": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-1-SPIP-3-0-22-et-SPIP-2-1.html?lang=fr",
              "refsource": "CONFIRM",
              "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-1-SPIP-3-0-22-et-SPIP-2-1.html?lang=fr"
            },
            {
              "name": "DSA-3518",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3518"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-3153",
    "datePublished": "2016-04-08T14:00:00",
    "dateReserved": "2016-03-15T00:00:00",
    "dateUpdated": "2024-08-05T23:47:57.383Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-2118
Vulnerability from cvelistv5
Published
2013-07-09 17:00
Modified
2024-09-16 23:05
Severity ?
Summary
SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and "take editorial control" via vectors related to ecrire/inc/filtres.php.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:27:40.940Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://contrib.spip.net/SPIP-3-0-9-2-1-22-2-0-23-corrections-de-bug-et-faille?lang=fr"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://core.spip.org/projects/spip/repository/revisions/20541"
          },
          {
            "name": "[oss-security] 20130527 Re: CVE Request: SPIP privilege escalation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/05/27/2"
          },
          {
            "name": "DSA-2694",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2694"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and \"take editorial control\" via vectors related to ecrire/inc/filtres.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-07-09T17:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://contrib.spip.net/SPIP-3-0-9-2-1-22-2-0-23-corrections-de-bug-et-faille?lang=fr"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://core.spip.org/projects/spip/repository/revisions/20541"
        },
        {
          "name": "[oss-security] 20130527 Re: CVE Request: SPIP privilege escalation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/05/27/2"
        },
        {
          "name": "DSA-2694",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2694"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-2118",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and \"take editorial control\" via vectors related to ecrire/inc/filtres.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://contrib.spip.net/SPIP-3-0-9-2-1-22-2-0-23-corrections-de-bug-et-faille?lang=fr",
              "refsource": "CONFIRM",
              "url": "http://contrib.spip.net/SPIP-3-0-9-2-1-22-2-0-23-corrections-de-bug-et-faille?lang=fr"
            },
            {
              "name": "http://core.spip.org/projects/spip/repository/revisions/20541",
              "refsource": "MISC",
              "url": "http://core.spip.org/projects/spip/repository/revisions/20541"
            },
            {
              "name": "[oss-security] 20130527 Re: CVE Request: SPIP privilege escalation",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/05/27/2"
            },
            {
              "name": "DSA-2694",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2694"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-2118",
    "datePublished": "2013-07-09T17:00:00Z",
    "dateReserved": "2013-02-19T00:00:00Z",
    "dateUpdated": "2024-09-16T23:05:53.094Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-9998
Vulnerability from cvelistv5
Published
2016-12-17 03:34
Modified
2024-08-06 03:07
Severity ?
Summary
SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:07:32.094Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "95008",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95008"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://core.spip.net/projects/spip/repository/revisions/23288"
          },
          {
            "name": "1037486",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037486"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-12-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-26T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "95008",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95008"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://core.spip.net/projects/spip/repository/revisions/23288"
        },
        {
          "name": "1037486",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037486"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9998",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "95008",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95008"
            },
            {
              "name": "https://core.spip.net/projects/spip/repository/revisions/23288",
              "refsource": "CONFIRM",
              "url": "https://core.spip.net/projects/spip/repository/revisions/23288"
            },
            {
              "name": "1037486",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037486"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9998",
    "datePublished": "2016-12-17T03:34:00",
    "dateReserved": "2016-12-16T00:00:00",
    "dateUpdated": "2024-08-06T03:07:32.094Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23659
Vulnerability from cvelistv5
Published
2024-01-19 00:00
Modified
2024-08-01 23:06
Severity ?
Summary
SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:06:25.355Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-2-8-SPIP-4-1-14.html?lang=fr"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.spip.net/spip/bigup/commit/ada821c076d67d1147a195178223d0b4a6d8cecc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.spip.net/spip/bigup/commit/0757f015717cb72b84dba0e9a375ec71caddf1c2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-19T05:00:11.364603",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-2-8-SPIP-4-1-14.html?lang=fr"
        },
        {
          "url": "https://git.spip.net/spip/bigup/commit/ada821c076d67d1147a195178223d0b4a6d8cecc"
        },
        {
          "url": "https://git.spip.net/spip/bigup/commit/0757f015717cb72b84dba0e9a375ec71caddf1c2"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-23659",
    "datePublished": "2024-01-19T00:00:00",
    "dateReserved": "2024-01-19T00:00:00",
    "dateUpdated": "2024-08-01T23:06:25.355Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-44118
Vulnerability from cvelistv5
Published
2022-01-26 11:07
Modified
2024-08-04 04:10
Severity ?
Summary
SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users (stored XSS).
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:10:17.263Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.spip.net/spip/spip/commit/4ccf90a6912d7fab97e1bd5619770c9236cc7357"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.spip.net/spip/medias/commit/13c293fabd35e2c152379522c29432423936cbba"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users (stored XSS)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-26T11:07:57",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.spip.net/spip/spip/commit/4ccf90a6912d7fab97e1bd5619770c9236cc7357"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.spip.net/spip/medias/commit/13c293fabd35e2c152379522c29432423936cbba"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-44118",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users (stored XSS)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a",
              "refsource": "MISC",
              "url": "https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a"
            },
            {
              "name": "https://git.spip.net/spip/spip/commit/4ccf90a6912d7fab97e1bd5619770c9236cc7357",
              "refsource": "MISC",
              "url": "https://git.spip.net/spip/spip/commit/4ccf90a6912d7fab97e1bd5619770c9236cc7357"
            },
            {
              "name": "https://git.spip.net/spip/medias/commit/13c293fabd35e2c152379522c29432423936cbba",
              "refsource": "MISC",
              "url": "https://git.spip.net/spip/medias/commit/13c293fabd35e2c152379522c29432423936cbba"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-44118",
    "datePublished": "2022-01-26T11:07:57",
    "dateReserved": "2021-11-22T00:00:00",
    "dateUpdated": "2024-08-04T04:10:17.263Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-28960
Vulnerability from cvelistv5
Published
2022-05-19 20:26
Modified
2024-08-03 06:10
Severity ?
Summary
A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:10:57.652Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-19T20:26:14",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-28960",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/",
              "refsource": "MISC",
              "url": "https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/"
            },
            {
              "name": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html",
              "refsource": "MISC",
              "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html"
            },
            {
              "name": "https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/",
              "refsource": "MISC",
              "url": "https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/"
            },
            {
              "name": "https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4",
              "refsource": "MISC",
              "url": "https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4"
            },
            {
              "name": "https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf",
              "refsource": "MISC",
              "url": "https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-28960",
    "datePublished": "2022-05-19T20:26:14",
    "dateReserved": "2022-04-11T00:00:00",
    "dateUpdated": "2024-08-03T06:10:57.652Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-1295
Vulnerability from cvelistv5
Published
2006-03-19 23:00
Modified
2024-08-07 17:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote attackers to inject arbitrary web script or HTML via the recherche parameter.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:03:29.058Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zone-h.fr/advisories/read/id=1105"
          },
          {
            "name": "17130",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17130"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.silitix.com/spip-xss.html"
          },
          {
            "name": "spip-research-xss(25389)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25389"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://zone.spip.org/trac/spip-zone/changeset/1672"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-01-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote attackers to inject arbitrary web script or HTML via the recherche parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zone-h.fr/advisories/read/id=1105"
        },
        {
          "name": "17130",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17130"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.silitix.com/spip-xss.html"
        },
        {
          "name": "spip-research-xss(25389)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25389"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://zone.spip.org/trac/spip-zone/changeset/1672"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-1295",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote attackers to inject arbitrary web script or HTML via the recherche parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.zone-h.fr/advisories/read/id=1105",
              "refsource": "MISC",
              "url": "http://www.zone-h.fr/advisories/read/id=1105"
            },
            {
              "name": "17130",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17130"
            },
            {
              "name": "http://www.silitix.com/spip-xss.html",
              "refsource": "MISC",
              "url": "http://www.silitix.com/spip-xss.html"
            },
            {
              "name": "spip-research-xss(25389)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25389"
            },
            {
              "name": "http://zone.spip.org/trac/spip-zone/changeset/1672",
              "refsource": "CONFIRM",
              "url": "http://zone.spip.org/trac/spip-zone/changeset/1672"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-1295",
    "datePublished": "2006-03-19T23:00:00",
    "dateReserved": "2006-03-19T00:00:00",
    "dateUpdated": "2024-08-07T17:03:29.058Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-11071
Vulnerability from cvelistv5
Published
2019-04-10 20:36
Modified
2024-08-04 22:40
Severity ?
Summary
SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:40:16.288Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-10-et-SPIP-3-2-4.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/spip/SPIP/commit/3ef87c525bc0768c926646f999a54222b37b5d36"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/spip/SPIP/commit/824d17f424bf77d17af89c18c3dc807a3199567e"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/spip/SPIP/compare/1e3872c...9861a47"
          },
          {
            "name": "DSA-4429",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4429"
          },
          {
            "name": "USN-4536-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4536-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-28T17:06:16",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-10-et-SPIP-3-2-4.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/spip/SPIP/commit/3ef87c525bc0768c926646f999a54222b37b5d36"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/spip/SPIP/commit/824d17f424bf77d17af89c18c3dc807a3199567e"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/spip/SPIP/compare/1e3872c...9861a47"
        },
        {
          "name": "DSA-4429",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4429"
        },
        {
          "name": "USN-4536-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4536-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-11071",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-10-et-SPIP-3-2-4.html",
              "refsource": "MISC",
              "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-10-et-SPIP-3-2-4.html"
            },
            {
              "name": "https://github.com/spip/SPIP/commit/3ef87c525bc0768c926646f999a54222b37b5d36",
              "refsource": "MISC",
              "url": "https://github.com/spip/SPIP/commit/3ef87c525bc0768c926646f999a54222b37b5d36"
            },
            {
              "name": "https://github.com/spip/SPIP/commit/824d17f424bf77d17af89c18c3dc807a3199567e",
              "refsource": "MISC",
              "url": "https://github.com/spip/SPIP/commit/824d17f424bf77d17af89c18c3dc807a3199567e"
            },
            {
              "name": "https://github.com/spip/SPIP/compare/1e3872c...9861a47",
              "refsource": "MISC",
              "url": "https://github.com/spip/SPIP/compare/1e3872c...9861a47"
            },
            {
              "name": "DSA-4429",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4429"
            },
            {
              "name": "USN-4536-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4536-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-11071",
    "datePublished": "2019-04-10T20:36:43",
    "dateReserved": "2019-04-10T00:00:00",
    "dateUpdated": "2024-08-04T22:40:16.288Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-4525
Vulnerability from cvelistv5
Published
2007-08-25 00:00
Modified
2024-08-07 15:01
Severity ?
Summary
PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelette_cache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party researchers, stating that the squelette_cache variable is initialized before use, and is only used within the scope of a function
References
http://www.securityfocus.com/bid/25416 (vdb-entry, x_refsource_BID)
http://securityreason.com/securityalert/3056 (third-party-advisory, x_refsource_SREASON)
http://www.securityfocus.com/archive/1/477423/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
http://www.securityfocus.com/archive/1/477728/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36218 (vdb-entry, x_refsource_XF)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:01:09.505Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "25416",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25416"
          },
          {
            "name": "3056",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3056"
          },
          {
            "name": "20070823 SPIP v1.7 Remote File Inclusion Bug",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/477423/100/0/threaded"
          },
          {
            "name": "20070824 Re: SPIP v1.7 Remote File Inclusion Bug",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/477728/100/0/threaded"
          },
          {
            "name": "spip-inccalcul-file-include(36218)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36218"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-08-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelette_cache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party researchers, stating that the squelette_cache variable is initialized before use, and is only used within the scope of a function"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "25416",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25416"
        },
        {
          "name": "3056",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3056"
        },
        {
          "name": "20070823 SPIP v1.7 Remote File Inclusion Bug",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/477423/100/0/threaded"
        },
        {
          "name": "20070824 Re: SPIP v1.7 Remote File Inclusion Bug",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/477728/100/0/threaded"
        },
        {
          "name": "spip-inccalcul-file-include(36218)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36218"
        }
      ],
      "tags": [
        "disputed"
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4525",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "** DISPUTED **  PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelette_cache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party researchers, stating that the squelette_cache variable is initialized before use, and is only used within the scope of a function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "25416",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25416"
            },
            {
              "name": "3056",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3056"
            },
            {
              "name": "20070823 SPIP v1.7 Remote File Inclusion Bug",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/477423/100/0/threaded"
            },
            {
              "name": "20070824 Re: SPIP v1.7 Remote File Inclusion Bug",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/477728/100/0/threaded"
            },
            {
              "name": "spip-inccalcul-file-include(36218)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36218"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4525",
    "datePublished": "2007-08-25T00:00:00",
    "dateReserved": "2007-08-24T00:00:00",
    "dateUpdated": "2024-08-07T15:01:09.505Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-4555
Vulnerability from cvelistv5
Published
2013-11-15 18:16
Modified
2024-08-06 16:45
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that logout the user via unspecified vectors.
References
https://www.debian.org/security/2013/dsa-2794 (vendor-advisory, x_refsource_DEBIAN)
http://www.spip.net/fr_article5646.html (x_refsource_CONFIRM)
http://www.securitytracker.com/id/1029317 (vdb-entry, x_refsource_SECTRACK)
http://core.spip.org/projects/spip/repository/revisions/20874 (x_refsource_CONFIRM)
http://www.openwall.com/lists/oss-security/2013/11/10/4 (mailing-list, x_refsource_MLIST)
http://secunia.com/advisories/55551 (third-party-advisory, x_refsource_SECUNIA)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:14.815Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-2794",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2013/dsa-2794"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.spip.net/fr_article5646.html"
          },
          {
            "name": "1029317",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029317"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://core.spip.org/projects/spip/repository/revisions/20874"
          },
          {
            "name": "[oss-security] 20131110 Re: CVE Request: multiple vulnerabilities in spip",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/11/10/4"
          },
          {
            "name": "55551",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55551"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-11-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that logout the user via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-06T13:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "DSA-2794",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2013/dsa-2794"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.spip.net/fr_article5646.html"
        },
        {
          "name": "1029317",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029317"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://core.spip.org/projects/spip/repository/revisions/20874"
        },
        {
          "name": "[oss-security] 20131110 Re: CVE Request: multiple vulnerabilities in spip",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/11/10/4"
        },
        {
          "name": "55551",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55551"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4555",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that logout the user via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-2794",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2013/dsa-2794"
            },
            {
              "name": "http://www.spip.net/fr_article5646.html",
              "refsource": "CONFIRM",
              "url": "http://www.spip.net/fr_article5646.html"
            },
            {
              "name": "1029317",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029317"
            },
            {
              "name": "http://core.spip.org/projects/spip/repository/revisions/20874",
              "refsource": "CONFIRM",
              "url": "http://core.spip.org/projects/spip/repository/revisions/20874"
            },
            {
              "name": "[oss-security] 20131110 Re: CVE Request: multiple vulnerabilities in spip",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/11/10/4"
            },
            {
              "name": "55551",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55551"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4555",
    "datePublished": "2013-11-15T18:16:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:45:14.815Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-19830
Vulnerability from cvelistv5
Published
2019-12-17 04:33
Modified
2024-08-05 02:25
Severity ?
Summary
_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:25:12.702Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4583",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4583"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-sortie-de-SPIP-3-2-7-SPIP-3-1-12.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://zone.spip.net/trac/spip-zone/changeset/118898/spip-zone/_core_/plugins/medias"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.spip.net/SPIP/spip/commit/8eb11ba132b92696eb34d606d71aa8edf40e0f69"
          },
          {
            "name": "USN-4536-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4536-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-28T17:06:17",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-4583",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4583"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-sortie-de-SPIP-3-2-7-SPIP-3-1-12.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://zone.spip.net/trac/spip-zone/changeset/118898/spip-zone/_core_/plugins/medias"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.spip.net/SPIP/spip/commit/8eb11ba132b92696eb34d606d71aa8edf40e0f69"
        },
        {
          "name": "USN-4536-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4536-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19830",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4583",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4583"
            },
            {
              "name": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-sortie-de-SPIP-3-2-7-SPIP-3-1-12.html",
              "refsource": "MISC",
              "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-sortie-de-SPIP-3-2-7-SPIP-3-1-12.html"
            },
            {
              "name": "https://zone.spip.net/trac/spip-zone/changeset/118898/spip-zone/_core_/plugins/medias",
              "refsource": "MISC",
              "url": "https://zone.spip.net/trac/spip-zone/changeset/118898/spip-zone/_core_/plugins/medias"
            },
            {
              "name": "https://git.spip.net/SPIP/spip/commit/8eb11ba132b92696eb34d606d71aa8edf40e0f69",
              "refsource": "MISC",
              "url": "https://git.spip.net/SPIP/spip/commit/8eb11ba132b92696eb34d606d71aa8edf40e0f69"
            },
            {
              "name": "USN-4536-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4536-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19830",
    "datePublished": "2019-12-17T04:33:32",
    "dateReserved": "2019-12-17T00:00:00",
    "dateUpdated": "2024-08-05T02:25:12.702Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-1702
Vulnerability from cvelistv5
Published
2006-04-11 10:00
Modified
2024-08-07 17:19
Severity ?
Summary
PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:19:49.504Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "17423",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17423"
          },
          {
            "name": "20060409 Vulnerabilities in SPIP",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/430443/100/0/threaded"
          },
          {
            "name": "spip-spiplogin-file-include(25711)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25711"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-04-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "17423",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17423"
        },
        {
          "name": "20060409 Vulnerabilities in SPIP",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/430443/100/0/threaded"
        },
        {
          "name": "spip-spiplogin-file-include(25711)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25711"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-1702",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "17423",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17423"
            },
            {
              "name": "20060409 Vulnerabilities in SPIP",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/430443/100/0/threaded"
            },
            {
              "name": "spip-spiplogin-file-include(25711)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25711"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-1702",
    "datePublished": "2006-04-11T10:00:00",
    "dateReserved": "2006-04-10T00:00:00",
    "dateUpdated": "2024-08-07T17:19:49.504Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-27372
Vulnerability from cvelistv5
Published
2023-02-28 00:00
Modified
2024-08-02 12:09
Severity ?
Summary
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:09:43.355Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-2-1-SPIP-4-1-8-SPIP-4-0-10-et.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.spip.net/spip/spip/commit/5aedf49b89415a4df3eb775eee3801a2b4b88266"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.spip.net/spip/spip/commit/96fbeb38711c6706e62457f2b732a652a04a409d"
          },
          {
            "name": "DSA-5367",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5367"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/171921/SPIP-Remote-Command-Execution.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/173044/SPIP-4.2.1-Remote-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-21T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-2-1-SPIP-4-1-8-SPIP-4-0-10-et.html"
        },
        {
          "url": "https://git.spip.net/spip/spip/commit/5aedf49b89415a4df3eb775eee3801a2b4b88266"
        },
        {
          "url": "https://git.spip.net/spip/spip/commit/96fbeb38711c6706e62457f2b732a652a04a409d"
        },
        {
          "name": "DSA-5367",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5367"
        },
        {
          "url": "http://packetstormsecurity.com/files/171921/SPIP-Remote-Command-Execution.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/173044/SPIP-4.2.1-Remote-Code-Execution.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-27372",
    "datePublished": "2023-02-28T00:00:00",
    "dateReserved": "2023-02-28T00:00:00",
    "dateUpdated": "2024-08-02T12:09:43.355Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-0625
Vulnerability from cvelistv5
Published
2006-02-09 18:00
Modified
2024-08-07 16:41
Severity ?
Summary
Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file parameter to spip_acces_doc.php3.
References
http://www.securityfocus.com/bid/16556 (vdb-entry, x_refsource_BID)
http://www.vupen.com/english/advisories/2006/0483 (vdb-entry, x_refsource_VUPEN)
http://www.osvdb.org/23086 (vdb-entry, x_refsource_OSVDB)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24600 (vdb-entry, x_refsource_XF)
http://secunia.com/advisories/18676 (third-party-advisory, x_refsource_SECUNIA)
http://securitytracker.com/id?1015602 (vdb-entry, x_refsource_SECTRACK)
http://retrogod.altervista.org/spip_182g_shell_inj_xpl.html (x_refsource_MISC)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:41:29.137Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "16556",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16556"
          },
          {
            "name": "ADV-2006-0483",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0483"
          },
          {
            "name": "23086",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/23086"
          },
          {
            "name": "spip-rss-file-include(24600)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24600"
          },
          {
            "name": "18676",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18676"
          },
          {
            "name": "1015602",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015602"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://retrogod.altervista.org/spip_182g_shell_inj_xpl.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-02-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via \"..\"  sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file parameter to spip_acces_doc.php3."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "16556",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16556"
        },
        {
          "name": "ADV-2006-0483",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0483"
        },
        {
          "name": "23086",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/23086"
        },
        {
          "name": "spip-rss-file-include(24600)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24600"
        },
        {
          "name": "18676",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18676"
        },
        {
          "name": "1015602",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015602"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://retrogod.altervista.org/spip_182g_shell_inj_xpl.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0625",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via \"..\"  sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file parameter to spip_acces_doc.php3."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "16556",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16556"
            },
            {
              "name": "ADV-2006-0483",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0483"
            },
            {
              "name": "23086",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/23086"
            },
            {
              "name": "spip-rss-file-include(24600)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24600"
            },
            {
              "name": "18676",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18676"
            },
            {
              "name": "1015602",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015602"
            },
            {
              "name": "http://retrogod.altervista.org/spip_182g_shell_inj_xpl.html",
              "refsource": "MISC",
              "url": "http://retrogod.altervista.org/spip_182g_shell_inj_xpl.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0625",
    "datePublished": "2006-02-09T18:00:00",
    "dateReserved": "2006-02-09T00:00:00",
    "dateUpdated": "2024-08-07T16:41:29.137Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-5813
Vulnerability from cvelistv5
Published
2009-01-02 18:00
Modified
2024-08-07 11:04
Severity ?
Summary
SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:04:44.586Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "33307",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33307"
          },
          {
            "name": "spip-rubriques-sql-injection(47626)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47626"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2"
          },
          {
            "name": "spip-multiple-unspecified(47695)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47695"
          },
          {
            "name": "33021",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33021"
          },
          {
            "name": "33061",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33061"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "33307",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33307"
        },
        {
          "name": "spip-rubriques-sql-injection(47626)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47626"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2"
        },
        {
          "name": "spip-multiple-unspecified(47695)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47695"
        },
        {
          "name": "33021",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33021"
        },
        {
          "name": "33061",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33061"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5813",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "33307",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33307"
            },
            {
              "name": "spip-rubriques-sql-injection(47626)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47626"
            },
            {
              "name": "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2",
              "refsource": "CONFIRM",
              "url": "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2"
            },
            {
              "name": "spip-multiple-unspecified(47695)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47695"
            },
            {
              "name": "33021",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/33021"
            },
            {
              "name": "33061",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/33061"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5813",
    "datePublished": "2009-01-02T18:00:00",
    "dateReserved": "2009-01-02T00:00:00",
    "dateUpdated": "2024-08-07T11:04:44.586Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-37155
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 10:21
Severity ?
Summary
RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:21:33.208Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://spawnzii.github.io/posts/2022/07/how-we-have-pwned-root-me-in-2022/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-1-5-SPIP-4-0-8-et-SPIP-3-2-16.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pastebin.com/ZH7CPc8X"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/Abyss-W4tcher/ab4yss-wr4iteups/blob/ffa980faa9e3598d49d6fb7def4f7a67cfb5f427/SPIP%20-%20Pentest/SPIP%204.1.2/SPIP_4.1.2_AUTH_RCE/SPIP_4.1.2_AUTH_RCE_Abyss_Watcher_12_07_22.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-24T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://spawnzii.github.io/posts/2022/07/how-we-have-pwned-root-me-in-2022/"
        },
        {
          "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-1-5-SPIP-4-0-8-et-SPIP-3-2-16.html"
        },
        {
          "url": "https://pastebin.com/ZH7CPc8X"
        },
        {
          "url": "https://github.com/Abyss-W4tcher/ab4yss-wr4iteups/blob/ffa980faa9e3598d49d6fb7def4f7a67cfb5f427/SPIP%20-%20Pentest/SPIP%204.1.2/SPIP_4.1.2_AUTH_RCE/SPIP_4.1.2_AUTH_RCE_Abyss_Watcher_12_07_22.md"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-37155",
    "datePublished": "2022-12-13T00:00:00",
    "dateReserved": "2022-08-01T00:00:00",
    "dateUpdated": "2024-08-03T10:21:33.208Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-28984
Vulnerability from cvelistv5
Published
2020-11-23 21:48
Modified
2024-08-04 16:48
Severity ?
Summary
prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:48:01.703Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.spip.net/spip/spip/commit/ae4267eba1022dabc12831ddb021c5d6e09040f8"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.spip.net/spip/spip/compare/v3.2.7...v3.2.8"
          },
          {
            "name": "DSA-4798",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4798"
          },
          {
            "name": "[debian-lts-announce] 20201223 [SECURITY] [DLA 2505-1] spip security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00036.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-23T19:06:11",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.spip.net/spip/spip/commit/ae4267eba1022dabc12831ddb021c5d6e09040f8"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.spip.net/spip/spip/compare/v3.2.7...v3.2.8"
        },
        {
          "name": "DSA-4798",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4798"
        },
        {
          "name": "[debian-lts-announce] 20201223 [SECURITY] [DLA 2505-1] spip security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00036.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-28984",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.spip.net/spip/spip/commit/ae4267eba1022dabc12831ddb021c5d6e09040f8",
              "refsource": "MISC",
              "url": "https://git.spip.net/spip/spip/commit/ae4267eba1022dabc12831ddb021c5d6e09040f8"
            },
            {
              "name": "https://git.spip.net/spip/spip/compare/v3.2.7...v3.2.8",
              "refsource": "MISC",
              "url": "https://git.spip.net/spip/spip/compare/v3.2.7...v3.2.8"
            },
            {
              "name": "DSA-4798",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4798"
            },
            {
              "name": "[debian-lts-announce] 20201223 [SECURITY] [DLA 2505-1] spip security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00036.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-28984",
    "datePublished": "2020-11-23T21:48:53",
    "dateReserved": "2020-11-23T00:00:00",
    "dateUpdated": "2024-08-04T16:48:01.703Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-44123
Vulnerability from cvelistv5
Published
2022-01-26 11:57
Modified
2024-08-04 04:17
Severity ?
Summary
SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a double extension, upload it and then click on it to execute it.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:17:23.464Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a double extension, upload it and then click on it to execute it."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-26T11:57:30",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-44123",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a double extension, upload it and then click on it to execute it."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a",
              "refsource": "MISC",
              "url": "https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-44123",
    "datePublished": "2022-01-26T11:57:30",
    "dateReserved": "2021-11-22T00:00:00",
    "dateUpdated": "2024-08-04T04:17:23.464Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-16392
Vulnerability from cvelistv5
Published
2019-09-17 20:48
Modified
2024-08-05 01:17
Severity ?
Summary
SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:17:39.395Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.spip.net/SPIP/spip/commit/3c12a82c7d9d4afd09e708748fa82e7836174028"
          },
          {
            "name": "20190925 [SECURITY] [DSA 4532-1] spip security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Sep/40"
          },
          {
            "name": "DSA-4532",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4532"
          },
          {
            "name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html"
          },
          {
            "name": "USN-4536-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4536-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-28T17:06:18",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.spip.net/SPIP/spip/commit/3c12a82c7d9d4afd09e708748fa82e7836174028"
        },
        {
          "name": "20190925 [SECURITY] [DSA 4532-1] spip security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Sep/40"
        },
        {
          "name": "DSA-4532",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4532"
        },
        {
          "name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html"
        },
        {
          "name": "USN-4536-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4536-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-16392",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html",
              "refsource": "MISC",
              "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html"
            },
            {
              "name": "https://git.spip.net/SPIP/spip/commit/3c12a82c7d9d4afd09e708748fa82e7836174028",
              "refsource": "MISC",
              "url": "https://git.spip.net/SPIP/spip/commit/3c12a82c7d9d4afd09e708748fa82e7836174028"
            },
            {
              "name": "20190925 [SECURITY] [DSA 4532-1] spip security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Sep/40"
            },
            {
              "name": "DSA-4532",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4532"
            },
            {
              "name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html"
            },
            {
              "name": "USN-4536-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4536-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-16392",
    "datePublished": "2019-09-17T20:48:28",
    "dateReserved": "2019-09-17T00:00:00",
    "dateUpdated": "2024-08-05T01:17:39.395Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-7981
Vulnerability from cvelistv5
Published
2017-01-18 17:00
Modified
2024-08-06 02:13
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:13:21.399Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "93451",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93451"
          },
          {
            "name": "[oss-security] 20161012 CVE-2016-7981: SPIP 3.1.2 Reflected Cross-Site Scripting",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/10/12/7"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://core.spip.net/projects/spip/repository/revisions/23200"
          },
          {
            "name": "[oss-security] 20161006 Re: SPIP vulnerabilities: request for 5 CVE",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/10/06/6"
          },
          {
            "name": "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://core.spip.net/projects/spip/repository/revisions/23202"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://core.spip.net/projects/spip/repository/revisions/23201"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-19T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "93451",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93451"
        },
        {
          "name": "[oss-security] 20161012 CVE-2016-7981: SPIP 3.1.2 Reflected Cross-Site Scripting",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/10/12/7"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://core.spip.net/projects/spip/repository/revisions/23200"
        },
        {
          "name": "[oss-security] 20161006 Re: SPIP vulnerabilities: request for 5 CVE",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/10/06/6"
        },
        {
          "name": "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://core.spip.net/projects/spip/repository/revisions/23202"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://core.spip.net/projects/spip/repository/revisions/23201"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-7981",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "93451",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93451"
            },
            {
              "name": "[oss-security] 20161012 CVE-2016-7981: SPIP 3.1.2 Reflected Cross-Site Scripting",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/10/12/7"
            },
            {
              "name": "https://core.spip.net/projects/spip/repository/revisions/23200",
              "refsource": "CONFIRM",
              "url": "https://core.spip.net/projects/spip/repository/revisions/23200"
            },
            {
              "name": "[oss-security] 20161006 Re: SPIP vulnerabilities: request for 5 CVE",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/10/06/6"
            },
            {
              "name": "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17"
            },
            {
              "name": "https://core.spip.net/projects/spip/repository/revisions/23202",
              "refsource": "CONFIRM",
              "url": "https://core.spip.net/projects/spip/repository/revisions/23202"
            },
            {
              "name": "https://core.spip.net/projects/spip/repository/revisions/23201",
              "refsource": "CONFIRM",
              "url": "https://core.spip.net/projects/spip/repository/revisions/23201"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-7981",
    "datePublished": "2017-01-18T17:00:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-06T02:13:21.399Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-24258
Vulnerability from cvelistv5
Published
2023-02-27 00:00
Modified
2024-08-02 10:56
Severity ?
Summary
SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:56:02.623Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/Abyss-W4tcher/ab4yss-wr4iteups/blob/ffa980faa9e3598d49d6fb7def4f7a67cfb5f427/SPIP%20-%20Pentest/SPIP%204.1.5/SPIP_4.1.5_AND_BEFORE_AUTH_SQLi_Abyss_Watcher.md"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-1-7-SPIP-4-0-9-et-SPIP-3-2-17.html"
          },
          {
            "name": "DSA-5325",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5325"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-24T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/Abyss-W4tcher/ab4yss-wr4iteups/blob/ffa980faa9e3598d49d6fb7def4f7a67cfb5f427/SPIP%20-%20Pentest/SPIP%204.1.5/SPIP_4.1.5_AND_BEFORE_AUTH_SQLi_Abyss_Watcher.md"
        },
        {
          "url": "https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-1-7-SPIP-4-0-9-et-SPIP-3-2-17.html"
        },
        {
          "name": "DSA-5325",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5325"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-24258",
    "datePublished": "2023-02-27T00:00:00",
    "dateReserved": "2023-01-23T00:00:00",
    "dateUpdated": "2024-08-02T10:56:02.623Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-7954
Vulnerability from cvelistv5
Published
2024-08-23 17:43
Modified
2024-08-23 18:31
Severity 9.8 (CRITICAL) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The porte_plume plugin used by SPIP before 4.3.0-alpha2, 4.2.13, and 4.1.16 is affected by an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.
Impacted products
Vendor Product Version
SPIP SPIP Version: 4.3.0-alpha   < 4.3.0-alpha2
Version: 4.2.0   < 4.2.13
Version: 4.1.0   < 4.1.16


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "spip",
            "vendor": "spip",
            "versions": [
              {
                "lessThan": "4.3.0-alpha2",
                "status": "affected",
                "version": "4.3.0-alpha",
                "versionType": "custom"
              },
              {
                "lessThan": "4.2.13",
                "status": "affected",
                "version": "4.2.0",
                "versionType": "semver"
              },
              {
                "lessThan": "4.1.16",
                "status": "affected",
                "version": "4.1.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7954",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-23T18:26:49.808289Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-23T18:31:44.888Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SPIP",
          "vendor": "SPIP",
          "versions": [
            {
              "lessThan": "4.3.0-alpha2",
              "status": "affected",
              "version": "4.3.0-alpha",
              "versionType": "custom"
            },
            {
              "lessThan": "4.2.13",
              "status": "affected",
              "version": "4.2.0",
              "versionType": "semver"
            },
            {
              "lessThan": "4.1.16",
              "status": "affected",
              "version": "4.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Louka Jacques-Chevallier"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.\u003cbr\u003e"
            }
          ],
          "value": "The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-242",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-242 Code Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284 Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-23T17:46:17.470Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vulncheck.com/advisories/spip-porte-plume"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-0-alpha2-SPIP-4-2-13-SPIP-4.html"
        },
        {
          "tags": [
            "technical-description",
            "exploit"
          ],
          "url": "https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_1_the_feather/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "SPIP porte_plume Plugin Arbitrary PHP Execution",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2024-7954",
    "datePublished": "2024-08-23T17:43:20.967Z",
    "dateReserved": "2024-08-19T18:16:30.180Z",
    "dateUpdated": "2024-08-23T18:31:44.888Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-3041
Vulnerability from cvelistv5
Published
2009-09-01 18:04
Modified
2024-08-07 06:14
Severity ?
Summary
SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:14:56.453Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "36008",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36008"
          },
          {
            "name": "spip-unspecified-unauth-access(52381)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52381"
          },
          {
            "name": "36365",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36365"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.spip-contrib.net/SPIP-Security-Alert-new-version"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://fil.rezo.net/secu-14346-14350+14354.patch"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-08-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "36008",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36008"
        },
        {
          "name": "spip-unspecified-unauth-access(52381)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52381"
        },
        {
          "name": "36365",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36365"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.spip-contrib.net/SPIP-Security-Alert-new-version"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://fil.rezo.net/secu-14346-14350+14354.patch"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3041",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "36008",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36008"
            },
            {
              "name": "spip-unspecified-unauth-access(52381)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52381"
            },
            {
              "name": "36365",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36365"
            },
            {
              "name": "http://www.spip-contrib.net/SPIP-Security-Alert-new-version",
              "refsource": "CONFIRM",
              "url": "http://www.spip-contrib.net/SPIP-Security-Alert-new-version"
            },
            {
              "name": "http://fil.rezo.net/secu-14346-14350+14354.patch",
              "refsource": "MISC",
              "url": "http://fil.rezo.net/secu-14346-14350+14354.patch"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3041",
    "datePublished": "2009-09-01T18:04:00",
    "dateReserved": "2009-09-01T00:00:00",
    "dateUpdated": "2024-08-07T06:14:56.453Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-44122
Vulnerability from cvelistv5
Published
2022-01-26 11:47
Modified
2024-08-04 04:10
Severity ?
Summary
SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. To exploit the vulnerability, a visitor must visit a malicious website which redirects to the SPIP website. It is also possible to combine XSS vulnerabilities in SPIP 4.0.0 to exploit it. The vulnerability allows an authenticated attacker to execute malicious code without the knowledge of the user on the website (CSRF).
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:10:17.382Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.spip.net/spip/spip/commit/1b8e4f404c2441c15ca6540b9a6d8e50cff219db"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. To exploit the vulnerability, a visitor must visit a malicious website which redirects to the SPIP website. It is also possible to combine XSS vulnerabilities in SPIP 4.0.0 to exploit it. The vulnerability allows an authenticated attacker to execute malicious code without the knowledge of the user on the website (CSRF)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-26T11:47:55",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.spip.net/spip/spip/commit/1b8e4f404c2441c15ca6540b9a6d8e50cff219db"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-44122",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. To exploit the vulnerability, a visitor must visit a malicious website which redirects to the SPIP website. It is also possible to combine XSS vulnerabilities in SPIP 4.0.0 to exploit it. The vulnerability allows an authenticated attacker to execute malicious code without the knowledge of the user on the website (CSRF)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.spip.net/spip/spip/commit/1b8e4f404c2441c15ca6540b9a6d8e50cff219db",
              "refsource": "MISC",
              "url": "https://git.spip.net/spip/spip/commit/1b8e4f404c2441c15ca6540b9a6d8e50cff219db"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-44122",
    "datePublished": "2022-01-26T11:47:55",
    "dateReserved": "2021-11-22T00:00:00",
    "dateUpdated": "2024-08-04T04:10:17.382Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-7998
Vulnerability from cvelistv5
Published
2017-01-18 17:00
Modified
2024-08-06 02:13
Severity ?
Summary
The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:13:21.614Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "93451",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93451"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://core.spip.net/projects/spip/repository/revisions/23189"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://core.spip.net/projects/spip/repository/revisions/23192"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://core.spip.net/projects/spip/repository/revisions/23186"
          },
          {
            "name": "[oss-security] 20161007 Re: SPIP vulnerabilities: request for 5 CVE",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/10/07/5"
          },
          {
            "name": "[oss-security] 20161008 Re: SPIP vulnerabilities: request for 5 CVE",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/10/08/6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-template-compiler-composer-php-code-execution-cve-2016-7998/"
          },
          {
            "name": "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-23T01:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "93451",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93451"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://core.spip.net/projects/spip/repository/revisions/23189"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://core.spip.net/projects/spip/repository/revisions/23192"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://core.spip.net/projects/spip/repository/revisions/23186"
        },
        {
          "name": "[oss-security] 20161007 Re: SPIP vulnerabilities: request for 5 CVE",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/10/07/5"
        },
        {
          "name": "[oss-security] 20161008 Re: SPIP vulnerabilities: request for 5 CVE",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/10/08/6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-template-compiler-composer-php-code-execution-cve-2016-7998/"
        },
        {
          "name": "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-7998",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "93451",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93451"
            },
            {
              "name": "https://core.spip.net/projects/spip/repository/revisions/23189",
              "refsource": "CONFIRM",
              "url": "https://core.spip.net/projects/spip/repository/revisions/23189"
            },
            {
              "name": "https://core.spip.net/projects/spip/repository/revisions/23192",
              "refsource": "CONFIRM",
              "url": "https://core.spip.net/projects/spip/repository/revisions/23192"
            },
            {
              "name": "https://core.spip.net/projects/spip/repository/revisions/23186",
              "refsource": "CONFIRM",
              "url": "https://core.spip.net/projects/spip/repository/revisions/23186"
            },
            {
              "name": "[oss-security] 20161007 Re: SPIP vulnerabilities: request for 5 CVE",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/10/07/5"
            },
            {
              "name": "[oss-security] 20161008 Re: SPIP vulnerabilities: request for 5 CVE",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/10/08/6"
            },
            {
              "name": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-template-compiler-composer-php-code-execution-cve-2016-7998/",
              "refsource": "MISC",
              "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-template-compiler-composer-php-code-execution-cve-2016-7998/"
            },
            {
              "name": "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-7998",
    "datePublished": "2017-01-18T17:00:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-06T02:13:21.614Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-15736
Vulnerability from cvelistv5
Published
2017-10-21 22:00
Modified
2024-08-05 20:04
Severity ?
Summary
Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 allows remote attackers to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php.
References
https://core.spip.net/projects/spip/repository/revisions/23701 (x_refsource_CONFIRM)
https://www.debian.org/security/2018/dsa-4228 (vendor-advisory, x_refsource_DEBIAN)
https://usn.ubuntu.com/4536-1/ (vendor-advisory, x_refsource_UBUNTU)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:04:49.858Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://core.spip.net/projects/spip/repository/revisions/23701"
          },
          {
            "name": "DSA-4228",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4228"
          },
          {
            "name": "USN-4536-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4536-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-10-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 allows remote attackers to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-28T17:06:16",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://core.spip.net/projects/spip/repository/revisions/23701"
        },
        {
          "name": "DSA-4228",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4228"
        },
        {
          "name": "USN-4536-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4536-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-15736",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 allows remote attackers to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://core.spip.net/projects/spip/repository/revisions/23701",
              "refsource": "CONFIRM",
              "url": "https://core.spip.net/projects/spip/repository/revisions/23701"
            },
            {
              "name": "DSA-4228",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4228"
            },
            {
              "name": "USN-4536-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4536-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-15736",
    "datePublished": "2017-10-21T22:00:00",
    "dateReserved": "2017-10-21T00:00:00",
    "dateUpdated": "2024-08-05T20:04:49.858Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-4557
Vulnerability from cvelistv5
Published
2013-11-15 18:16
Modified
2024-08-06 16:45
Severity ?
Summary
The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:14.832Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-2794",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2013/dsa-2794"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.spip.net/fr_article5646.html"
          },
          {
            "name": "1029317",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029317"
          },
          {
            "name": "[oss-security] 20131110 Re: CVE Request: multiple vulnerabilities in spip",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/11/10/4"
          },
          {
            "name": "55551",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55551"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.spip.net/fr_article5648.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://zone.spip.org/trac/spip-zone/changeset/75105/_core_/securite/ecran_securite.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-11-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-06T13:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "DSA-2794",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2013/dsa-2794"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.spip.net/fr_article5646.html"
        },
        {
          "name": "1029317",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029317"
        },
        {
          "name": "[oss-security] 20131110 Re: CVE Request: multiple vulnerabilities in spip",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/11/10/4"
        },
        {
          "name": "55551",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55551"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.spip.net/fr_article5648.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://zone.spip.org/trac/spip-zone/changeset/75105/_core_/securite/ecran_securite.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4557",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-2794",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2013/dsa-2794"
            },
            {
              "name": "http://www.spip.net/fr_article5646.html",
              "refsource": "CONFIRM",
              "url": "http://www.spip.net/fr_article5646.html"
            },
            {
              "name": "1029317",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029317"
            },
            {
              "name": "[oss-security] 20131110 Re: CVE Request: multiple vulnerabilities in spip",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/11/10/4"
            },
            {
              "name": "55551",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55551"
            },
            {
              "name": "http://www.spip.net/fr_article5648.html",
              "refsource": "CONFIRM",
              "url": "http://www.spip.net/fr_article5648.html"
            },
            {
              "name": "http://zone.spip.org/trac/spip-zone/changeset/75105/_core_/securite/ecran_securite.php",
              "refsource": "CONFIRM",
              "url": "http://zone.spip.org/trac/spip-zone/changeset/75105/_core_/securite/ecran_securite.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4557",
    "datePublished": "2013-11-15T18:16:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:45:14.832Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-44120
Vulnerability from cvelistv5
Published
2022-01-26 11:26
Modified
2024-08-04 04:10
Severity ?
Summary
SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php; the referenced fix adds the function safehtml to the vulnerable fields. An editor is able to modify his personal information. If the editor has an article written and available, when a user goes to the public site and wants to read the author's information, the malicious code will be executed. The "Who are you" and "Website Name" fields are vulnerable.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:10:17.340Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.spip.net/spip/spip/commit/d548391d799387d1e93cf1a369d385c72f7d5c81"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. An editor is able to modify his personal information. If the editor has an article written and available, when a user goes to the public site and wants to read the author\u0027s information, the malicious code will be executed. The \"Who are you\" and \"Website Name\" fields are vulnerable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-26T11:26:27",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.spip.net/spip/spip/commit/d548391d799387d1e93cf1a369d385c72f7d5c81"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-44120",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. An editor is able to modify his personal information. If the editor has an article written and available, when a user goes to the public site and wants to read the author\u0027s information, the malicious code will be executed. The \"Who are you\" and \"Website Name\" fields are vulnerable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.spip.net/spip/spip/commit/d548391d799387d1e93cf1a369d385c72f7d5c81",
              "refsource": "MISC",
              "url": "https://git.spip.net/spip/spip/commit/d548391d799387d1e93cf1a369d385c72f7d5c81"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-44120",
    "datePublished": "2022-01-26T11:26:27",
    "dateReserved": "2021-11-22T00:00:00",
    "dateUpdated": "2024-08-04T04:10:17.340Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-7982
Vulnerability from cvelistv5
Published
2017-01-18 17:00
Modified
2024-08-06 02:13
Severity ?
Summary
Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:13:21.605Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "93451",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93451"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://core.spip.net/projects/spip/repository/revisions/23200"
          },
          {
            "name": "[oss-security] 20161006 Re: SPIP vulnerabilities: request for 5 CVE",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/10/06/6"
          },
          {
            "name": "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-1-3-1-2-file-enumeration-path-traversal-cve-2016-7982/"
          },
          {
            "name": "[oss-security] 20161012 CVE-2016-7982: SPIP 3.1.1/3.1.2 File Enumeration / Path Traversal",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/10/12/8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-23T01:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "93451",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93451"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://core.spip.net/projects/spip/repository/revisions/23200"
        },
        {
          "name": "[oss-security] 20161006 Re: SPIP vulnerabilities: request for 5 CVE",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/10/06/6"
        },
        {
          "name": "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-1-3-1-2-file-enumeration-path-traversal-cve-2016-7982/"
        },
        {
          "name": "[oss-security] 20161012 CVE-2016-7982: SPIP 3.1.1/3.1.2 File Enumeration / Path Traversal",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/10/12/8"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-7982",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "93451",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93451"
            },
            {
              "name": "https://core.spip.net/projects/spip/repository/revisions/23200",
              "refsource": "CONFIRM",
              "url": "https://core.spip.net/projects/spip/repository/revisions/23200"
            },
            {
              "name": "[oss-security] 20161006 Re: SPIP vulnerabilities: request for 5 CVE",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/10/06/6"
            },
            {
              "name": "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17"
            },
            {
              "name": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-1-3-1-2-file-enumeration-path-traversal-cve-2016-7982/",
              "refsource": "MISC",
              "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-1-3-1-2-file-enumeration-path-traversal-cve-2016-7982/"
            },
            {
              "name": "[oss-security] 20161012 CVE-2016-7982: SPIP 3.1.1/3.1.2 File Enumeration / Path Traversal",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/10/12/8"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-7982",
    "datePublished": "2017-01-18T17:00:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-06T02:13:21.605Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-2151
Vulnerability from cvelistv5
Published
2012-08-14 22:00
Modified
2024-08-06 19:26
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/75104 (vdb-entry, x_refsource_XF)
http://www.openwall.com/lists/oss-security/2012/05/01/4 (mailing-list, x_refsource_MLIST)
http://www.securitytracker.com/id?1026970 (vdb-entry, x_refsource_SECTRACK)
http://archives.rezo.net/archives/spip-en.mbox/U5QUZ6WJRAJC7H5BR7W5SQG6WCD3PXL7/ (mailing-list, x_refsource_MLIST)
http://www.openwall.com/lists/oss-security/2012/04/30/4 (mailing-list, x_refsource_MLIST)
http://secunia.com/advisories/48939 (third-party-advisory, x_refsource_SECUNIA)
http://www.osvdb.org/81473 (vdb-entry, x_refsource_OSVDB)
http://www.securityfocus.com/bid/53216 (vdb-entry, x_refsource_BID)
http://www.debian.org/security/2012/dsa-2461 (vendor-advisory, x_refsource_DEBIAN)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:26:08.455Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "spip-unspecified-xss(75104)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75104"
          },
          {
            "name": "[oss-security] 20120501 Re: CVE request: spip before 1.9.2.o, 2.0.18 and 2.1.13 multiple XSS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/05/01/4"
          },
          {
            "name": "1026970",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026970"
          },
          {
            "name": "[Spip-en] 20120423 New stable releases SPIP 1.9.2o, 2.0.18 et 2.1.13 are availables",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://archives.rezo.net/archives/spip-en.mbox/U5QUZ6WJRAJC7H5BR7W5SQG6WCD3PXL7/"
          },
          {
            "name": "[oss-security] 20120430 CVE request: spip before 1.9.2.o, 2.0.18 and 2.1.13 multiple XSS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/04/30/4"
          },
          {
            "name": "48939",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48939"
          },
          {
            "name": "81473",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/81473"
          },
          {
            "name": "53216",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53216"
          },
          {
            "name": "DSA-2461",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2461"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "spip-unspecified-xss(75104)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75104"
        },
        {
          "name": "[oss-security] 20120501 Re: CVE request: spip before 1.9.2.o, 2.0.18 and 2.1.13 multiple XSS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/05/01/4"
        },
        {
          "name": "1026970",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026970"
        },
        {
          "name": "[Spip-en] 20120423 New stable releases SPIP 1.9.2o, 2.0.18 et 2.1.13 are availables",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://archives.rezo.net/archives/spip-en.mbox/U5QUZ6WJRAJC7H5BR7W5SQG6WCD3PXL7/"
        },
        {
          "name": "[oss-security] 20120430 CVE request: spip before 1.9.2.o, 2.0.18 and 2.1.13 multiple XSS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/04/30/4"
        },
        {
          "name": "48939",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48939"
        },
        {
          "name": "81473",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/81473"
        },
        {
          "name": "53216",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53216"
        },
        {
          "name": "DSA-2461",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2461"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-2151",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "spip-unspecified-xss(75104)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75104"
            },
            {
              "name": "[oss-security] 20120501 Re: CVE request: spip before 1.9.2.o, 2.0.18 and 2.1.13 multiple XSS",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/05/01/4"
            },
            {
              "name": "1026970",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026970"
            },
            {
              "name": "[Spip-en] 20120423 New stable releases SPIP 1.9.2o, 2.0.18 et 2.1.13 are availables",
              "refsource": "MLIST",
              "url": "http://archives.rezo.net/archives/spip-en.mbox/U5QUZ6WJRAJC7H5BR7W5SQG6WCD3PXL7/"
            },
            {
              "name": "[oss-security] 20120430 CVE request: spip before 1.9.2.o, 2.0.18 and 2.1.13 multiple XSS",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/04/30/4"
            },
            {
              "name": "48939",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48939"
            },
            {
              "name": "81473",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/81473"
            },
            {
              "name": "53216",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53216"
            },
            {
              "name": "DSA-2461",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2461"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-2151",
    "datePublished": "2012-08-14T22:00:00",
    "dateReserved": "2012-04-04T00:00:00",
    "dateUpdated": "2024-08-06T19:26:08.455Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-5812
Vulnerability from cvelistv5
Published
2009-01-02 18:00
Modified
2024-08-07 11:04
Severity ?
Summary
Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors.
References
http://secunia.com/advisories/33307 (third-party-advisory, x_refsource_SECUNIA)
http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2 (x_refsource_CONFIRM)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47695 (vdb-entry, x_refsource_XF)
http://www.securityfocus.com/bid/33061 (vdb-entry, x_refsource_BID)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:04:44.590Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "33307",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33307"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2"
          },
          {
            "name": "spip-multiple-unspecified(47695)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47695"
          },
          {
            "name": "33061",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33061"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "33307",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33307"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2"
        },
        {
          "name": "spip-multiple-unspecified(47695)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47695"
        },
        {
          "name": "33061",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33061"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5812",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "33307",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33307"
            },
            {
              "name": "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2",
              "refsource": "CONFIRM",
              "url": "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2"
            },
            {
              "name": "spip-multiple-unspecified(47695)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47695"
            },
            {
              "name": "33061",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/33061"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5812",
    "datePublished": "2009-01-02T18:00:00",
    "dateReserved": "2009-01-02T00:00:00",
    "dateUpdated": "2024-08-07T11:04:44.590Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-16391
Vulnerability from cvelistv5
Published
2019-09-17 20:49
Modified
2024-08-05 01:17
Severity ?
Summary
SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:17:39.480Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.spip.net/SPIP/spip/commit/187952ce85e73b52c2753f2d54fc2c44807b8f79"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.spip.net/SPIP/spip/commit/3cbc758400323ab006c00ea78eacdb8f76aa5f66"
          },
          {
            "name": "20190925 [SECURITY] [DSA 4532-1] spip security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Sep/40"
          },
          {
            "name": "DSA-4532",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4532"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html?lang=fr"
          },
          {
            "name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html"
          },
          {
            "name": "USN-4536-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4536-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-28T17:06:20",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.spip.net/SPIP/spip/commit/187952ce85e73b52c2753f2d54fc2c44807b8f79"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.spip.net/SPIP/spip/commit/3cbc758400323ab006c00ea78eacdb8f76aa5f66"
        },
        {
          "name": "20190925 [SECURITY] [DSA 4532-1] spip security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Sep/40"
        },
        {
          "name": "DSA-4532",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4532"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html?lang=fr"
        },
        {
          "name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html"
        },
        {
          "name": "USN-4536-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4536-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-16391",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html",
              "refsource": "MISC",
              "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html"
            },
            {
              "name": "https://git.spip.net/SPIP/spip/commit/187952ce85e73b52c2753f2d54fc2c44807b8f79",
              "refsource": "MISC",
              "url": "https://git.spip.net/SPIP/spip/commit/187952ce85e73b52c2753f2d54fc2c44807b8f79"
            },
            {
              "name": "https://git.spip.net/SPIP/spip/commit/3cbc758400323ab006c00ea78eacdb8f76aa5f66",
              "refsource": "MISC",
              "url": "https://git.spip.net/SPIP/spip/commit/3cbc758400323ab006c00ea78eacdb8f76aa5f66"
            },
            {
              "name": "20190925 [SECURITY] [DSA 4532-1] spip security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Sep/40"
            },
            {
              "name": "DSA-4532",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4532"
            },
            {
              "name": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html?lang=fr",
              "refsource": "MISC",
              "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html?lang=fr"
            },
            {
              "name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html"
            },
            {
              "name": "USN-4536-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4536-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-16391",
    "datePublished": "2019-09-17T20:49:04",
    "dateReserved": "2019-09-17T00:00:00",
    "dateUpdated": "2024-08-05T01:17:39.480Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-0518
Vulnerability from cvelistv5
Published
2006-02-02 11:00
Modified
2024-08-07 16:41
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/24401 (vdb-entry, x_refsource_XF)
http://www.osvdb.org/22849 (vdb-entry, x_refsource_OSVDB)
http://www.zone-h.org/en/advisories/read/id=8650/ (x_refsource_MISC)
http://secunia.com/advisories/18676 (third-party-advisory, x_refsource_SECUNIA)
http://www.vupen.com/english/advisories/2006/0398 (vdb-entry, x_refsource_VUPEN)
http://www.securityfocus.com/bid/16461 (vdb-entry, x_refsource_BID)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:41:28.383Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "spip-index-xss(24401)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24401"
          },
          {
            "name": "22849",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/22849"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zone-h.org/en/advisories/read/id=8650/"
          },
          {
            "name": "18676",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18676"
          },
          {
            "name": "ADV-2006-0398",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0398"
          },
          {
            "name": "16461",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16461"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-01-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "spip-index-xss(24401)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24401"
        },
        {
          "name": "22849",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/22849"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zone-h.org/en/advisories/read/id=8650/"
        },
        {
          "name": "18676",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18676"
        },
        {
          "name": "ADV-2006-0398",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0398"
        },
        {
          "name": "16461",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16461"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0518",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "spip-index-xss(24401)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24401"
            },
            {
              "name": "22849",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/22849"
            },
            {
              "name": "http://www.zone-h.org/en/advisories/read/id=8650/",
              "refsource": "MISC",
              "url": "http://www.zone-h.org/en/advisories/read/id=8650/"
            },
            {
              "name": "18676",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18676"
            },
            {
              "name": "ADV-2006-0398",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0398"
            },
            {
              "name": "16461",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16461"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0518",
    "datePublished": "2006-02-02T11:00:00",
    "dateReserved": "2006-02-02T00:00:00",
    "dateUpdated": "2024-08-07T16:41:28.383Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-3154
Vulnerability from cvelistv5
Published
2016-04-08 14:00
Modified
2024-08-05 23:47
Severity ?
Summary
The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:47:57.507Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-1-SPIP-3-0-22-et-SPIP-2-1.html?lang=fr"
          },
          {
            "name": "DSA-3518",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3518"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://core.spip.net/projects/spip/repository/revisions/22903"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-04-08T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-1-SPIP-3-0-22-et-SPIP-2-1.html?lang=fr"
        },
        {
          "name": "DSA-3518",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3518"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://core.spip.net/projects/spip/repository/revisions/22903"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-3154",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-1-SPIP-3-0-22-et-SPIP-2-1.html?lang=fr",
              "refsource": "CONFIRM",
              "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-1-SPIP-3-0-22-et-SPIP-2-1.html?lang=fr"
            },
            {
              "name": "DSA-3518",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3518"
            },
            {
              "name": "https://core.spip.net/projects/spip/repository/revisions/22903",
              "refsource": "CONFIRM",
              "url": "https://core.spip.net/projects/spip/repository/revisions/22903"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-3154",
    "datePublished": "2016-04-08T14:00:00",
    "dateReserved": "2016-03-15T00:00:00",
    "dateUpdated": "2024-08-05T23:47:57.507Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-28959
Vulnerability from cvelistv5
Published
2022-05-19 20:26
Modified
2024-08-03 06:10
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allow attackers to execute arbitrary web scripts or HTML.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:10:57.530Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-19T20:26:11",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-28959",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/",
              "refsource": "MISC",
              "url": "https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/"
            },
            {
              "name": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html",
              "refsource": "MISC",
              "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html"
            },
            {
              "name": "https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/",
              "refsource": "MISC",
              "url": "https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/"
            },
            {
              "name": "https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4",
              "refsource": "MISC",
              "url": "https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4"
            },
            {
              "name": "https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf",
              "refsource": "MISC",
              "url": "https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-28959",
    "datePublished": "2022-05-19T20:26:11",
    "dateReserved": "2022-04-11T00:00:00",
    "dateUpdated": "2024-08-03T06:10:57.530Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-26847
Vulnerability from cvelistv5
Published
2022-03-10 04:58
Modified
2024-08-03 05:11
Severity ?
Summary
SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:11:44.557Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-security-announce/2022/msg00060.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2"
          },
          {
            "name": "[debian-lts-announce] 20220315 [SECURITY] [DLA 2949-1] spip security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-15T12:06:15",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.debian.org/debian-security-announce/2022/msg00060.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2"
        },
        {
          "name": "[debian-lts-announce] 20220315 [SECURITY] [DLA 2949-1] spip security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-26847",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.debian.org/debian-security-announce/2022/msg00060.html",
              "refsource": "MISC",
              "url": "https://lists.debian.org/debian-security-announce/2022/msg00060.html"
            },
            {
              "name": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html",
              "refsource": "MISC",
              "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html"
            },
            {
              "name": "https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2",
              "refsource": "MISC",
              "url": "https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2"
            },
            {
              "name": "[debian-lts-announce] 20220315 [SECURITY] [DLA 2949-1] spip security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-26847",
    "datePublished": "2022-03-10T04:58:16",
    "dateReserved": "2022-03-10T00:00:00",
    "dateUpdated": "2024-08-03T05:11:44.557Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-4494
Vulnerability from cvelistv5
Published
2005-12-22 11:00
Modified
2024-08-07 23:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) spip_login.php3 and (2) spip_pass.php3.
References
http://www.vupen.com/english/advisories/2005/3061 (vdb-entry, x_refsource_VUPEN)
http://www.osvdb.org/21865 (vdb-entry, x_refsource_OSVDB)
http://www.osvdb.org/21864 (vdb-entry, x_refsource_OSVDB)
http://www.securityfocus.com/bid/16019 (vdb-entry, x_refsource_BID)
http://pridels0.blogspot.com/2005/12/spip-xss-vuln.html (x_refsource_MISC)
http://secunia.com/advisories/18211 (third-party-advisory, x_refsource_SECUNIA)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:46:05.320Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2005-3061",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/3061"
          },
          {
            "name": "21865",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/21865"
          },
          {
            "name": "21864",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/21864"
          },
          {
            "name": "16019",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16019"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://pridels0.blogspot.com/2005/12/spip-xss-vuln.html"
          },
          {
            "name": "18211",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18211"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-12-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) spip_login.php3 and (2) spip_pass.php3."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2006-01-04T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2005-3061",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/3061"
        },
        {
          "name": "21865",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/21865"
        },
        {
          "name": "21864",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/21864"
        },
        {
          "name": "16019",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16019"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://pridels0.blogspot.com/2005/12/spip-xss-vuln.html"
        },
        {
          "name": "18211",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18211"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-4494",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) spip_login.php3 and (2) spip_pass.php3."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2005-3061",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/3061"
            },
            {
              "name": "21865",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/21865"
            },
            {
              "name": "21864",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/21864"
            },
            {
              "name": "16019",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16019"
            },
            {
              "name": "http://pridels0.blogspot.com/2005/12/spip-xss-vuln.html",
              "refsource": "MISC",
              "url": "http://pridels0.blogspot.com/2005/12/spip-xss-vuln.html"
            },
            {
              "name": "18211",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18211"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-4494",
    "datePublished": "2005-12-22T11:00:00",
    "dateReserved": "2005-12-22T00:00:00",
    "dateUpdated": "2024-08-07T23:46:05.320Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-7980
Vulnerability from cvelistv5
Published
2017-01-18 17:00
Modified
2024-08-06 02:13
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:13:21.600Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-exec-code-cross-site-request-forgery-cve-2016-7980/"
          },
          {
            "name": "93451",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93451"
          },
          {
            "name": "[oss-security] 20161012 CVE-2016-7980: SPIP 3.1.2 Exec Code Cross-Site Request Forgery",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/10/12/6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://core.spip.net/projects/spip/repository/revisions/23203"
          },
          {
            "name": "[oss-security] 20161006 Re: SPIP vulnerabilities: request for 5 CVE",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/10/06/6"
          },
          {
            "name": "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://core.spip.net/projects/spip/repository/revisions/23202"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://core.spip.net/projects/spip/repository/revisions/23201"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request.  NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-23T01:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-exec-code-cross-site-request-forgery-cve-2016-7980/"
        },
        {
          "name": "93451",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93451"
        },
        {
          "name": "[oss-security] 20161012 CVE-2016-7980: SPIP 3.1.2 Exec Code Cross-Site Request Forgery",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/10/12/6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://core.spip.net/projects/spip/repository/revisions/23203"
        },
        {
          "name": "[oss-security] 20161006 Re: SPIP vulnerabilities: request for 5 CVE",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/10/06/6"
        },
        {
          "name": "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://core.spip.net/projects/spip/repository/revisions/23202"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://core.spip.net/projects/spip/repository/revisions/23201"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-7980",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request.  NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-exec-code-cross-site-request-forgery-cve-2016-7980/",
              "refsource": "MISC",
              "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-exec-code-cross-site-request-forgery-cve-2016-7980/"
            },
            {
              "name": "93451",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93451"
            },
            {
              "name": "[oss-security] 20161012 CVE-2016-7980: SPIP 3.1.2 Exec Code Cross-Site Request Forgery",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/10/12/6"
            },
            {
              "name": "https://core.spip.net/projects/spip/repository/revisions/23203",
              "refsource": "CONFIRM",
              "url": "https://core.spip.net/projects/spip/repository/revisions/23203"
            },
            {
              "name": "[oss-security] 20161006 Re: SPIP vulnerabilities: request for 5 CVE",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/10/06/6"
            },
            {
              "name": "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17"
            },
            {
              "name": "https://core.spip.net/projects/spip/repository/revisions/23202",
              "refsource": "CONFIRM",
              "url": "https://core.spip.net/projects/spip/repository/revisions/23202"
            },
            {
              "name": "https://core.spip.net/projects/spip/repository/revisions/23201",
              "refsource": "CONFIRM",
              "url": "https://core.spip.net/projects/spip/repository/revisions/23201"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-7980",
    "datePublished": "2017-01-18T17:00:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-06T02:13:21.600Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2019-09-17 21:15
Modified
2024-11-21 04:30
Summary
SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers.
References
cve@mitre.org: https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html (Patch, Vendor Advisory)
cve@mitre.org: https://core.spip.net/issues/4171 (Exploit, Issue Tracking, Patch, Vendor Advisory)
cve@mitre.org: https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html (Mailing List, Third Party Advisory)
cve@mitre.org: https://seclists.org/bugtraq/2019/Sep/40 (Mailing List, Third Party Advisory)
cve@mitre.org: https://usn.ubuntu.com/4536-1/ (Third Party Advisory)
cve@mitre.org: https://www.debian.org/security/2019/dsa-4532 (Third Party Advisory)
cve@mitre.org: https://zone.spip.net/trac/spip-zone/changeset/117577/spip-zone (Patch, Vendor Advisory)
cve@mitre.org: https://zone.spip.net/trac/spip-zone/changeset/117578/spip-zone (Patch, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html (Patch, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: https://core.spip.net/issues/4171 (Exploit, Issue Tracking, Patch, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html (Mailing List, Third Party Advisory)
af854a3a-2127-422b-91ae-364da2661108: https://seclists.org/bugtraq/2019/Sep/40 (Mailing List, Third Party Advisory)
af854a3a-2127-422b-91ae-364da2661108: https://usn.ubuntu.com/4536-1/ (Third Party Advisory)
af854a3a-2127-422b-91ae-364da2661108: https://www.debian.org/security/2019/dsa-4532 (Third Party Advisory)
af854a3a-2127-422b-91ae-364da2661108: https://zone.spip.net/trac/spip-zone/changeset/117577/spip-zone (Patch, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: https://zone.spip.net/trac/spip-zone/changeset/117578/spip-zone (Patch, Vendor Advisory)
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "92C9CE90-F244-458C-B475-28F2298D6C17",
              "versionEndExcluding": "3.1.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "054DE097-C977-4694-9F80-ADF007A3CA36",
              "versionEndExcluding": "3.2.5",
              "versionStartIncluding": "3.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers."
    },
    {
      "lang": "es",
      "value": "SPIP versiones anteriores a 3.1.11 y versiones 3.2 anteriores a 3.2.5, proporciona diferentes mensajes de error desde la p\u00e1gina password-reminder dependiendo de si existe una direcci\u00f3n de correo electr\u00f3nico, que podr\u00eda ayudar a atacantes para enumerar suscriptores."
    }
  ],
  "id": "CVE-2019-16394",
  "lastModified": "2024-11-21T04:30:37.723",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-09-17T21:15:11.663",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/issues/4171"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Sep/40"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4536-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4532"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://zone.spip.net/trac/spip-zone/changeset/117577/spip-zone"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://zone.spip.net/trac/spip-zone/changeset/117578/spip-zone"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/issues/4171"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Sep/40"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4536-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4532"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://zone.spip.net/trac/spip-zone/changeset/117577/spip-zone"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://zone.spip.net/trac/spip-zone/changeset/117578/spip-zone"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-203"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-01-02 18:11
Modified
2024-11-21 00:54
Severity ?
Summary
SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information.
Impacted products
Vendor Product Version
spip spip 1.8
spip spip 1.8.1
spip spip 1.8.2
spip spip 1.8.2b
spip spip 1.8.3
spip spip 1.8b1
spip spip 1.8b2
spip spip 1.8b3
spip spip 1.8b4
spip spip 1.8b5
spip spip 1.8b6
spip spip 1.9.0
spip spip 1.9.1 (rev7385)
spip spip 1.9.1 (rev7502)
spip spip 1.9.2
spip spip 1.9.2f
spip spip 2.0.0
spip spip 2.0.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B513AF43-AFCA-494C-A3D0-A35F3214CE62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C4AC748-27C3-4FEC-A3C0-CF68B7D5DA4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "91DEC874-206B-4C45-92F5-C6C650F92782",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8.2b:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A738F49-1968-4748-A48D-7D493BD09313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2258E6D1-B11D-4902-98D2-FC8330BE175D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "233CD17B-7CA9-4169-85CC-D44C2783A274",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1F0B947-DA3E-4394-A2B4-240B9792BA9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8b3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4FBAA9E-2DD6-4FCC-AD97-CF666DB1B6EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8b4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11D5EC5-EB3F-4517-90E4-FE4B0B6526A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8b5:*:*:*:*:*:*:*",
              "matchCriteriaId": "537F4814-914D-4493-98FB-F5F21B385F8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8b6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E128150-5AF1-45EF-8A6F-6709671F22D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "87EF9B63-0BB2-425A-8A81-1264BD28DB5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.9.1:rev7385:*:*:*:*:*:*",
              "matchCriteriaId": "FDBAD023-85A7-4B75-90EA-7C174F746050",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.9.1:rev7502:*:*:*:*:*:*",
              "matchCriteriaId": "82D6BD57-507A-4131-9D50-7F76BB9C5DC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BCB6E24-EA9D-46C4-B128-310DFEB22D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.9.2f:*:*:*:*:*:*:*",
              "matchCriteriaId": "D95CA7C1-F894-4530-B3D4-44002F387453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DF1BEB1-2CCB-47F6-8EFB-E4F9AA6A4ED0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5698E04-FD77-45A1-8FBE-200897595CB1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en inc/rubriques.php en SPIP v1.8 anteriores a v1.8.3b, v1.9 anteriores a v1.9.2g, y v2.0 anteriores a v2.0.2 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante el par\u00e1metro \"ID\". NOTA: algunos de los detalles han sido obtenidos a partir de la informaci\u00f3n de terceros."
    }
  ],
  "id": "CVE-2008-5813",
  "lastModified": "2024-11-21T00:54:57.787",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-01-02T18:11:09.610",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33307"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/33021"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/33061"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47626"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47695"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33307"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/33021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/33061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47626"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47695"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-05-19 21:15
Modified
2024-11-21 06:58
Summary
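Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters. (The vendor advisory referenced below appears, from its URL, to be the release announcement for SPIP 3.2.8 and 3.1.13; confirm against it whether 3.1.13 itself is affected before relying on the "and below" bound.)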
Impacted products
Vendor Product Version
spip spip * (up to and including 3.1.13)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2834C8B-8286-43F8-8DD9-0CAC21094A30",
              "versionEndIncluding": "3.1.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters."
    },
    {
      "lang": "es",
      "value": "Se ha detectado que Spip Web Framework versiones v3.1.13 y anteriores, contiene m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en /ecrire por medio de los par\u00e1metros lier_trad y where"
    }
  ],
  "id": "CVE-2022-28961",
  "lastModified": "2024-11-21T06:58:14.830",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-05-19T21:15:08.150",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-04-11 10:02
Modified
2024-11-21 00:09
Severity ?
Summary
PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter.
Impacted products
Vendor Product Version
spip spip 1.8.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2258E6D1-B11D-4902-98D2-FC8330BE175D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter."
    }
  ],
  "id": "CVE-2006-1702",
  "lastModified": "2024-11-21T00:09:31.823",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-04-11T10:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/430443/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/17423"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25711"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/430443/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/17423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25711"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-03-19 23:02
Modified
2024-11-21 00:08
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote attackers to inject arbitrary web script or HTML via the recherche parameter.
Impacted products
Vendor Product Version
spip spip 1.8.2e
spip spip 1.8.2g



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8.2e:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D3C57F2-B911-4EE3-9988-913D9D11567D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8.2g:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB8D5C97-A36D-4E53-A591-20FE20AF00B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote attackers to inject arbitrary web script or HTML via the recherche parameter."
    }
  ],
  "id": "CVE-2006-1295",
  "lastModified": "2024-11-21T00:08:31.807",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-03-19T23:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/17130"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.silitix.com/spip-xss.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.zone-h.fr/advisories/read/id=1105"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://zone.spip.org/trac/spip-zone/changeset/1672"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25389"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/17130"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.silitix.com/spip-xss.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zone-h.fr/advisories/read/id=1105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://zone.spip.org/trac/spip-zone/changeset/1672"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25389"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-02-09 18:06
Modified
2024-11-21 00:06
Severity ?
Summary
Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file parameter to spip_acces_doc.php3.
Impacted products
Vendor Product Version
spip spip 1.8.2d
spip spip 1.8.2e
spip spip 1.8.2g



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8.2d:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1801D09-E761-41F5-97E8-4C4F882D6C3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8.2e:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D3C57F2-B911-4EE3-9988-913D9D11567D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8.2g:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB8D5C97-A36D-4E53-A591-20FE20AF00B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via \"..\"  sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file parameter to spip_acces_doc.php3."
    }
  ],
  "id": "CVE-2006-0625",
  "lastModified": "2024-11-21T00:06:56.810",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-02-09T18:06:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://retrogod.altervista.org/spip_182g_shell_inj_xpl.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18676"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1015602"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/23086"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/16556"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/0483"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24600"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://retrogod.altervista.org/spip_182g_shell_inj_xpl.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18676"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1015602"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/23086"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/16556"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/0483"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24600"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-12-17 03:59
Modified
2024-11-21 03:02
Summary
SPIP 3.1.x suffers from a reflected cross-site scripting (XSS) vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL.
Impacted products
Vendor Product Version
spip spip 3.1.0
spip spip 3.1.0 (alpha)
spip spip 3.1.0 (beta)
spip spip 3.1.0 (rc)
spip spip 3.1.0 (rc2)
spip spip 3.1.0 (rc3)
spip spip 3.1.1
spip spip 3.1.2
spip spip 3.1.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F886B97D-1648-4D9A-A1A3-9F7982C6259D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.1.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "C06AB4FA-EA55-435E-9C04-124BCC008301",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.1.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "A22B763C-1CE8-4219-A767-8400FFDCCDCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.1.0:rc:*:*:*:*:*:*",
              "matchCriteriaId": "26E98301-4358-464A-952C-FE81F9EC7859",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4AE44495-D166-46D4-9375-73890216AF7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "B645A6EB-B9C5-470C-B42C-E971B2A21D6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC77374D-F349-4728-91B9-5483C641B33B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C5276FA-1CDD-4100-B8A6-21ABB1A7E8A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0230D10E-96C6-4C13-BF75-E4B398AAE741",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL."
    },
    {
      "lang": "es",
      "value": "SPIP 3.1.x sufre de una vulnerabilidad de XSS reflectada en /ecrire/exec/info_plugin.php involucrando el par\u00e1metro `$plugin`, seg\u00fan lo demostrado por una URL /ecrire/?exec=info_plugin."
    }
  ],
  "id": "CVE-2016-9998",
  "lastModified": "2024-11-21T03:02:09.227",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-17T03:59:00.420",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95008"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1037486"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23288"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95008"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037486"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23288"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-03-10 17:48
Modified
2024-11-21 06:54
Summary
SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code.
Impacted products
Vendor Product Version
spip spip * (before 3.2.14)
spip spip * (from 4.0.0, before 4.0.5)
debian debian_linux 9.0
debian debian_linux 10.0
debian debian_linux 11.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FAA6131-6D99-4123-9873-B0025DFD6660",
              "versionEndExcluding": "3.2.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AE2C4F8-8B04-4FB2-9230-4CB16BF61D30",
              "versionEndExcluding": "4.0.5",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code."
    },
    {
      "lang": "es",
      "value": "SPIP versiones anteriores a 3.2.14 y versiones 4.x anteriores a 4.0.5, permite a editores remotos autenticados ejecutar c\u00f3digo arbitrario"
    }
  ],
  "id": "CVE-2022-26846",
  "lastModified": "2024-11-21T06:54:38.363",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-03-10T17:48:01.693",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-security-announce/2022/msg00060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-security-announce/2022/msg00060.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-01-18 17:59
Modified
2024-11-21 02:58
Summary
ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.
References
cve@mitre.org http://www.openwall.com/lists/oss-security/2016/10/05/17 Mailing List, Third Party Advisory
cve@mitre.org http://www.openwall.com/lists/oss-security/2016/10/07/5 Mailing List, Patch, Third Party Advisory
cve@mitre.org http://www.openwall.com/lists/oss-security/2016/10/08/6 Mailing List, Patch, Third Party Advisory
cve@mitre.org http://www.openwall.com/lists/oss-security/2016/10/12/10 Mailing List, Third Party Advisory
cve@mitre.org http://www.securityfocus.com/bid/93451 Third Party Advisory, VDB Entry
cve@mitre.org https://core.spip.net/projects/spip/repository/revisions/23188 Issue Tracking, Patch, Vendor Advisory
cve@mitre.org https://core.spip.net/projects/spip/repository/revisions/23193 Issue Tracking, Patch, Vendor Advisory
cve@mitre.org https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-server-side-request-forgery-cve-2016-7999/
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2016/10/05/17 Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2016/10/07/5 Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2016/10/08/6 Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2016/10/12/10 Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/93451 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 https://core.spip.net/projects/spip/repository/revisions/23188 Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://core.spip.net/projects/spip/repository/revisions/23193 Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-server-side-request-forgery-cve-2016-7999/
Impacted products
Vendor Product Version
spip spip * (up to and including 3.1.2)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "108B7E4F-1501-4193-BF95-B2D3465FCB10",
              "versionEndIncluding": "3.1.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action."
    },
    {
      "lang": "es",
      "value": "ecrire/exec/valider_xml.php en SPIP 3.1.2 y versiones anteriores permite a atacantes llevar a cabo ataques de SSRF a trav\u00e9s de una URL en el par\u00e1metro var_url en una acci\u00f3n valider_xml."
    }
  ],
  "id": "CVE-2016-7999",
  "lastModified": "2024-11-21T02:58:52.920",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-01-18T17:59:01.107",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/07/5"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/08/6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/12/10"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93451"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23188"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23193"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-server-side-request-forgery-cve-2016-7999/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/07/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/08/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/12/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93451"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23193"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-server-side-request-forgery-cve-2016-7999/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-04-10 21:29
Modified
2024-11-21 04:20
Summary
SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled.
Impacted products
Vendor Product Version
spip spip * (from 3.1.0, before 3.1.10)
spip spip * (from 3.2.0, before 3.2.4)
debian debian_linux 9.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F25A18D-321C-41CC-9FBC-F55F4B97E6CA",
              "versionEndExcluding": "3.1.10",
              "versionStartIncluding": "3.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D60F81C-1902-43F9-B9E6-C7C503336007",
              "versionEndExcluding": "3.2.4",
              "versionStartIncluding": "3.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled."
    },
    {
      "lang": "es",
      "value": "SPIP 3.1 versiones anteriores a 3.1.10 y 3.2 versiones anteriores a 3.2.4 permite a los visitantes autentificados ejecutar c\u00f3digo arbitrario en el servidor host porque var_memotri se maneja de forma inadecuada."
    }
  ],
  "id": "CVE-2019-11071",
  "lastModified": "2024-11-21T04:20:28.973",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-10T21:29:01.730",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-10-et-SPIP-3-2-4.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/spip/SPIP/commit/3ef87c525bc0768c926646f999a54222b37b5d36"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/spip/SPIP/commit/824d17f424bf77d17af89c18c3dc807a3199567e"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/spip/SPIP/compare/1e3872c...9861a47"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/4536-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4429"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-10-et-SPIP-3-2-4.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/spip/SPIP/commit/3ef87c525bc0768c926646f999a54222b37b5d36"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/spip/SPIP/commit/824d17f424bf77d17af89c18c3dc807a3199567e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/spip/SPIP/compare/1e3872c...9861a47"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/4536-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4429"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-12-17 05:15
Modified
2024-11-21 04:35
Summary
_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database.
Impacted products
Vendor Product Version
spip spip * (from 3.2.0, before 3.2.7)
debian debian_linux 9.0
debian debian_linux 10.0
canonical ubuntu_linux 18.04



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D11B44A-CE84-4875-A67D-0EC750365214",
              "versionEndExcluding": "3.2.7",
              "versionStartIncluding": "3.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database."
    },
    {
      "lang": "es",
      "value": "El archivo _core_/plugins/medias en SPIP versiones 3.2.x anteriores a la versi\u00f3n 3.2.7, permite a autores autenticados remotos inyectar contenido en la base de datos."
    }
  ],
  "id": "CVE-2019-19830",
  "lastModified": "2024-11-21T04:35:28.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-17T05:15:14.603",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-sortie-de-SPIP-3-2-7-SPIP-3-1-12.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.spip.net/SPIP/spip/commit/8eb11ba132b92696eb34d606d71aa8edf40e0f69"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4536-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4583"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://zone.spip.net/trac/spip-zone/changeset/118898/spip-zone/_core_/plugins/medias"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-sortie-de-SPIP-3-2-7-SPIP-3-1-12.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.spip.net/SPIP/spip/commit/8eb11ba132b92696eb34d606d71aa8edf40e0f69"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4536-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://zone.spip.net/trac/spip-zone/changeset/118898/spip-zone/_core_/plugins/medias"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-01-02 18:11
Modified
2024-11-21 00:54
Severity ?
Summary
Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors.
Impacted products
Vendor Product Version
spip spip 1.8
spip spip 1.8.1
spip spip 1.8.2
spip spip 1.8.2b
spip spip 1.8.3
spip spip 1.8b1
spip spip 1.8b2
spip spip 1.8b3
spip spip 1.8b4
spip spip 1.8b5
spip spip 1.8b6
spip spip 1.9.0
spip spip 1.9.1
spip spip 1.9.1 (rev7385)
spip spip 1.9.1 (rev7502)
spip spip 1.9.2f
spip spip 2.0.0
spip spip 2.0.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B513AF43-AFCA-494C-A3D0-A35F3214CE62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C4AC748-27C3-4FEC-A3C0-CF68B7D5DA4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "91DEC874-206B-4C45-92F5-C6C650F92782",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8.2b:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A738F49-1968-4748-A48D-7D493BD09313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2258E6D1-B11D-4902-98D2-FC8330BE175D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "233CD17B-7CA9-4169-85CC-D44C2783A274",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1F0B947-DA3E-4394-A2B4-240B9792BA9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8b3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4FBAA9E-2DD6-4FCC-AD97-CF666DB1B6EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8b4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11D5EC5-EB3F-4517-90E4-FE4B0B6526A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8b5:*:*:*:*:*:*:*",
              "matchCriteriaId": "537F4814-914D-4493-98FB-F5F21B385F8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8b6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E128150-5AF1-45EF-8A6F-6709671F22D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "87EF9B63-0BB2-425A-8A81-1264BD28DB5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.9.1:rev7385:*:*:*:*:*:*",
              "matchCriteriaId": "FDBAD023-85A7-4B75-90EA-7C174F746050",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.9.1:rev7502:*:*:*:*:*:*",
              "matchCriteriaId": "82D6BD57-507A-4131-9D50-7F76BB9C5DC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BCB6E24-EA9D-46C4-B128-310DFEB22D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.9.2f:*:*:*:*:*:*:*",
              "matchCriteriaId": "D95CA7C1-F894-4530-B3D4-44002F387453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DF1BEB1-2CCB-47F6-8EFB-E4F9AA6A4ED0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5698E04-FD77-45A1-8FBE-200897595CB1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades no especificadas en SPIP v1.8 anteriores a v1.8.3b, 1.9 anteriores a v1.9.2g y v2.0 anteriores a v2.0.2 tienen un impacto y vectores de ataque desconocidos."
    }
  ],
  "id": "CVE-2008-5812",
  "lastModified": "2024-11-21T00:54:57.613",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-01-02T18:11:09.577",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33307"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/33061"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47695"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33307"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/33061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47695"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-07-09 17:55
Modified
2024-11-21 01:51
Severity ?
Summary
SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and "take editorial control" via vectors related to ecrire/inc/filtres.php.
Impacted products
Vendor Product Version
spip spip 3.0.0
spip spip 3.0.1
spip spip 3.0.2
spip spip 3.0.3
spip spip 3.0.4
spip spip 3.0.5
spip spip 3.0.6
spip spip 3.0.7
spip spip 3.0.8
spip spip 2.1.1
spip spip 2.1.2
spip spip 2.1.3
spip spip 2.1.4
spip spip 2.1.5
spip spip 2.1.6
spip spip 2.1.7
spip spip 2.1.8
spip spip 2.1.9
spip spip 2.1.10
spip spip 2.1.11
spip spip 2.1.12
spip spip 2.1.13
spip spip 2.1.14
spip spip 2.1.15
spip spip 2.1.16
spip spip 2.1.17
spip spip 2.1.18
spip spip 2.1.19
spip spip 2.1.20
spip spip 2.1.21
spip spip 2.0.0
spip spip 2.0.1
spip spip 2.0.2
spip spip 2.0.3
spip spip 2.0.4
spip spip 2.0.5
spip spip 2.0.6
spip spip 2.0.7
spip spip 2.0.8
spip spip 2.0.9
spip spip 2.0.10
spip spip 2.0.11
spip spip 2.0.12
spip spip 2.0.13
spip spip 2.0.14
spip spip 2.0.15
spip spip 2.0.16
spip spip 2.0.17
spip spip 2.0.18
spip spip 2.0.19
spip spip 2.0.20
spip spip 2.0.21
spip spip 2.0.22



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEACDF93-E23D-4DD8-8404-1A9FF6E30AD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4037A30-ECB1-4416-B2C4-11C74C862922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0940E772-693A-4C37-843D-26FE94F2A872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "12D453E4-AD84-499D-AC00-16B609F4B2ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D991DBB-7AD1-4BEA-B18F-078D23EAFA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5309CE-6C06-45F2-9C13-F1A4926D480E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD45F13F-DD59-4A15-8A40-DE918FEF9A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9962195-7B5C-43F1-B5C9-982F1D422804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "11285E4F-DF81-4994-B269-B382ECC690D9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABB357E8-F0AE-4646-B956-05DFD098E720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE2899B4-945A-44DC-B2A6-ED5458DECC7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7C14FCA-01ED-4F17-A8BB-4D4B03B31382",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E602A351-EDFE-49B4-8787-DC2CC113832B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC91A65E-6D3C-480A-A033-1346244FCD47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AF75E6C-C72E-4056-8B2F-DC1E7E0F0E71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "911B82D6-F727-4D79-A959-C55C3AEADD90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "73C21299-CCBC-40CE-A7B4-6C0DCCEC0604",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F2BA10B-8449-4540-8F6B-4DAE18145AFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "77F27063-6AFD-42D6-A807-79BBD6B3827B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FE12B65-5CB9-4AAA-956C-7553D24C7C88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AADB76A-9280-4696-AB15-8FFBDCAA4E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F49C554-718A-4860-A773-D7D601A3F6FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD319522-02CC-4E04-A7B3-A64CBBA66624",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "A90E0828-ABAA-4CFA-BDF9-2FED7D176F62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "6796F6F3-2E98-4F78-8CCD-B0FF3DC31F10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AD80959-9214-4D50-AE6D-674E67D94C25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "434386D1-E867-4963-9358-C02C061C6849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5F2F4D2-70F9-4D97-8813-77A2E6A94CC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DCB2107-062A-46AA-B0D7-8B21EEC733CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7237B58-CBA5-4874-96E4-29E415628982",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DF1BEB1-2CCB-47F6-8EFB-E4F9AA6A4ED0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5698E04-FD77-45A1-8FBE-200897595CB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C1ED3E6-4FD2-43FE-A87B-FB7C39F0066E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A69C6572-561B-400C-9060-55473A3F02EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8F3FB07-3CA8-4A41-AAEA-9719B44DEDBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D4A7340-3BBE-4ABB-A7A2-6ECA951C46E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "16142135-D7C6-4090-8ADC-51979C95EE13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "771B6518-8EAB-4A88-ACD9-6AA8AC551511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "956220B5-85C3-4C40-B6C5-99251360ADD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED43C820-453D-41F1-9EDA-365AB9FE3318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "04D7C38A-7FAD-4959-9195-E355A1EDD075",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFA607E4-A17B-4ED5-8C24-965414177B32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0FFE25B-123B-4E80-8873-4CA856BD54A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1973A3-DC9B-400C-BC62-2688CCDCA55A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A6F0DEB-A3E8-43CD-AF06-159C1E2C6DE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "96B93634-FC6D-43E8-AAF3-B5AE2996F0BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBA15FCA-F0E0-41C3-A7B6-04019736F125",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "46EB4CB6-9CD6-48FA-84E5-2D749C9B209E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E295308-01B7-4A22-9F54-3D3112CCC241",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "847E1C3D-1AFD-4612-8419-3C04F02F74A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "B77D58B6-30BB-4ED0-8C5D-0DC8F9639AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B9F5A64-28B5-43C4-BFAF-497279262AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "531BD1D4-D1E6-499C-9455-E824FB9C635A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and \"take editorial control\" via vectors related to ecrire/inc/filtres.php."
    },
    {
      "lang": "es",
      "value": "SPIP v3.0.x anteriores a v3.0.9, v2.1.x anteriores a v2.1.22, y v2.0.x anteriores a v2.0.23 permiten a atacantes remotos obtener privilegios y \"tomar control editorial\" a trav\u00e9s de vectores relacionados con ecrire/inc/filtres.php."
    }
  ],
  "id": "CVE-2013-2118",
  "lastModified": "2024-11-21T01:51:04.297",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-07-09T17:55:01.123",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://contrib.spip.net/SPIP-3-0-9-2-1-22-2-0-23-corrections-de-bug-et-faille?lang=fr"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://core.spip.org/projects/spip/repository/revisions/20541"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2013/dsa-2694"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/05/27/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://contrib.spip.net/SPIP-3-0-9-2-1-22-2-0-23-corrections-de-bug-et-faille?lang=fr"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://core.spip.org/projects/spip/repository/revisions/20541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2013/dsa-2694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/05/27/2"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-01-18 17:59
Modified
2024-11-21 02:58
Summary
Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.
References
cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/10/05/17 | Mailing List, Third Party Advisory
cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/10/06/6 | Mailing List, Patch, Third Party Advisory
cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/10/12/7 | Mailing List, Third Party Advisory
cve@mitre.org | http://www.securityfocus.com/bid/93451 | Third Party Advisory, VDB Entry
cve@mitre.org | https://core.spip.net/projects/spip/repository/revisions/23200 | Issue Tracking, Patch, Vendor Advisory
cve@mitre.org | https://core.spip.net/projects/spip/repository/revisions/23201 | Issue Tracking, Patch, Vendor Advisory
cve@mitre.org | https://core.spip.net/projects/spip/repository/revisions/23202 | Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/10/05/17 | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/10/06/6 | Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/10/12/7 | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93451 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://core.spip.net/projects/spip/repository/revisions/23200 | Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://core.spip.net/projects/spip/repository/revisions/23201 | Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://core.spip.net/projects/spip/repository/revisions/23202 | Issue Tracking, Patch, Vendor Advisory
Impacted products
Vendor Product Version
spip spip *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "108B7E4F-1501-4193-BF95-B2D3465FCB10",
              "versionEndIncluding": "3.1.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en valider_xml.php en SPIP 3.1.2 y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro var_url en una acci\u00f3n valider_xml."
    }
  ],
  "id": "CVE-2016-7981",
  "lastModified": "2024-11-21T02:58:50.200",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-01-18T17:59:00.873",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/06/6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/12/7"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93451"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23200"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23201"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/06/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/12/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93451"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23200"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23202"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-01-26 12:15
Modified
2024-11-21 06:30
Summary
SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php; the fix adds the safehtml function to the vulnerable fields. An editor is able to modify their personal information. If the editor has an article written and available, the malicious code is executed when a user visits the public site and reads the author's information. The "Who are you" and "Website Name" fields are vulnerable.
Impacted products
Vendor Product Version
spip spip 4.0.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E022D11-1000-4D8D-9D85-275CE84736AB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. An editor is able to modify his personal information. If the editor has an article written and available, when a user goes to the public site and wants to read the author\u0027s information, the malicious code will be executed. The \"Who are you\" and \"Website Name\" fields are vulnerable."
    },
    {
      "lang": "es",
      "value": "SPIP versi\u00f3n 4.0.0 est\u00e1 afectado por una vulnerabilidad de tipo Cross Site Scripting (XSS) en el archivo ecrire/public/interfaces.php, que a\u00f1ade la funci\u00f3n safehtml a los campos vulnerables. Un editor es capaz de modificar su informaci\u00f3n personal. Si el editor presenta un art\u00edculo escrito y disponible, cuando un usuario vaya al sitio p\u00fablico y quiera leer la informaci\u00f3n del autor, ser\u00e1 ejecutado el c\u00f3digo malicioso. Los campos \"Who are you\" y \"Website Name\" son vulnerables"
    }
  ],
  "id": "CVE-2021-44120",
  "lastModified": "2024-11-21T06:30:23.840",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-01-26T12:15:07.847",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.spip.net/spip/spip/commit/d548391d799387d1e93cf1a369d385c72f7d5c81"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.spip.net/spip/spip/commit/d548391d799387d1e93cf1a369d385c72f7d5c81"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-01-18 17:59
Modified
2024-11-21 02:58
Summary
Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action.
Impacted products
Vendor Product Version
spip spip *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "108B7E4F-1501-4193-BF95-B2D3465FCB10",
              "versionEndIncluding": "3.1.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en ecrire/exec/valider_xml.php en SPIP 3.1.2 y versiones anteriores permite a atacantes remotos enumerar los archivos en el sistema a trav\u00e9s del par\u00e1metro var_url en una acci\u00f3n valider_xml."
    }
  ],
  "id": "CVE-2016-7982",
  "lastModified": "2024-11-21T02:58:50.363",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-01-18T17:59:00.933",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/06/6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/12/8"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93451"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23200"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-1-3-1-2-file-enumeration-path-traversal-cve-2016-7982/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/06/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/12/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93451"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23200"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-1-3-1-2-file-enumeration-path-traversal-cve-2016-7982/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-12-14 00:15
Modified
2024-11-21 07:14
Summary
RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter.
Impacted products
Vendor Product Version
spip spip * (from 3.1.13 up to and including 4.1.2)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "016B9FE3-4486-4D19-99A3-A01884F8C211",
              "versionEndIncluding": "4.1.2",
              "versionStartIncluding": "3.1.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter."
    },
    {
      "lang": "es",
      "value": "RCE en SPIP 3.1.13 a 4.1.2 permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro _oups."
    }
  ],
  "id": "CVE-2022-37155",
  "lastModified": "2024-11-21T07:14:32.087",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-12-14T00:15:09.973",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-1-5-SPIP-4-0-8-et-SPIP-3-2-16.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/Abyss-W4tcher/ab4yss-wr4iteups/blob/ffa980faa9e3598d49d6fb7def4f7a67cfb5f427/SPIP%20-%20Pentest/SPIP%204.1.2/SPIP_4.1.2_AUTH_RCE/SPIP_4.1.2_AUTH_RCE_Abyss_Watcher_12_07_22.md"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://pastebin.com/ZH7CPc8X"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://spawnzii.github.io/posts/2022/07/how-we-have-pwned-root-me-in-2022/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-1-5-SPIP-4-0-8-et-SPIP-3-2-16.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/Abyss-W4tcher/ab4yss-wr4iteups/blob/ffa980faa9e3598d49d6fb7def4f7a67cfb5f427/SPIP%20-%20Pentest/SPIP%204.1.2/SPIP_4.1.2_AUTH_RCE/SPIP_4.1.2_AUTH_RCE_Abyss_Watcher_12_07_22.md"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://pastebin.com/ZH7CPc8X"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://spawnzii.github.io/posts/2022/07/how-we-have-pwned-root-me-in-2022/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-11-18 02:55
Modified
2024-11-21 01:55
Severity ?
Summary
The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter.
Impacted products
Vendor Product Version
spip spip 3.0.0
spip spip 3.0.1
spip spip 3.0.2
spip spip 3.0.3
spip spip 3.0.4
spip spip 3.0.5
spip spip 3.0.6
spip spip 3.0.7
spip spip 3.0.8
spip spip 3.0.9
spip spip 3.0.10
spip spip 3.0.11



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEACDF93-E23D-4DD8-8404-1A9FF6E30AD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4037A30-ECB1-4416-B2C4-11C74C862922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0940E772-693A-4C37-843D-26FE94F2A872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "12D453E4-AD84-499D-AC00-16B609F4B2ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D991DBB-7AD1-4BEA-B18F-078D23EAFA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5309CE-6C06-45F2-9C13-F1A4926D480E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD45F13F-DD59-4A15-8A40-DE918FEF9A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9962195-7B5C-43F1-B5C9-982F1D422804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "11285E4F-DF81-4994-B269-B382ECC690D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "284DD051-7E34-4AA4-90D4-B63071F04B18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5717886-316C-4FDE-99E3-E4F90C9C5137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "43340829-7234-419A-A221-AC496B08C34D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter."
    },
    {
      "lang": "es",
      "value": "Security Screen (_core_/securite/ecran_securite.php) anterior a la versi\u00f3n 1.1.8 para SPIP, tal y como se usa en SPIP 3.0.x anterior a 3.0.12, permite a atacantes remotos ejecutar PHP arbitrario a trav\u00e9s del par\u00e1metro connect."
    }
  ],
  "id": "CVE-2013-4557",
  "lastModified": "2024-11-21T01:55:49.577",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-11-18T02:55:08.327",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/55551"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/11/10/4"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1029317"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.spip.net/fr_article5646.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.spip.net/fr_article5648.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://zone.spip.org/trac/spip-zone/changeset/75105/_core_/securite/ecran_securite.php"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.debian.org/security/2013/dsa-2794"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/55551"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/11/10/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1029317"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.spip.net/fr_article5646.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.spip.net/fr_article5648.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://zone.spip.org/trac/spip-zone/changeset/75105/_core_/securite/ecran_securite.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2013/dsa-2794"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-01-18 17:59
Modified
2024-11-21 02:58
Summary
The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action.
References
cve@mitre.org - http://www.openwall.com/lists/oss-security/2016/10/05/17 - Mailing List, Third Party Advisory
cve@mitre.org - http://www.openwall.com/lists/oss-security/2016/10/07/5 - Mailing List, Patch, Third Party Advisory
cve@mitre.org - http://www.openwall.com/lists/oss-security/2016/10/08/6 - Mailing List, Patch, Third Party Advisory
cve@mitre.org - http://www.securityfocus.com/bid/93451 - Third Party Advisory, VDB Entry
cve@mitre.org - https://core.spip.net/projects/spip/repository/revisions/23186 - Issue Tracking, Patch, Vendor Advisory
cve@mitre.org - https://core.spip.net/projects/spip/repository/revisions/23189 - Issue Tracking, Patch, Vendor Advisory
cve@mitre.org - https://core.spip.net/projects/spip/repository/revisions/23192 - Issue Tracking, Patch, Vendor Advisory
cve@mitre.org - https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-template-compiler-composer-php-code-execution-cve-2016-7998/
af854a3a-2127-422b-91ae-364da2661108 - http://www.openwall.com/lists/oss-security/2016/10/05/17 - Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 - http://www.openwall.com/lists/oss-security/2016/10/07/5 - Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 - http://www.openwall.com/lists/oss-security/2016/10/08/6 - Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 - http://www.securityfocus.com/bid/93451 - Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 - https://core.spip.net/projects/spip/repository/revisions/23186 - Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 - https://core.spip.net/projects/spip/repository/revisions/23189 - Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 - https://core.spip.net/projects/spip/repository/revisions/23192 - Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 - https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-template-compiler-composer-php-code-execution-cve-2016-7998/
Impacted products
Vendor Product Version
spip spip * (up to and including 3.1.2)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "108B7E4F-1501-4193-BF95-B2D3465FCB10",
              "versionEndIncluding": "3.1.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action."
    },
    {
      "lang": "es",
      "value": "El compositor/compilador de plantillas de SPIP en SPIP 3.1.2 y versiones anteriores permite a usuarios remotos autentificados ejecutar c\u00f3digo PHP arbitrario cargando un archivo HTML con una etiqueta INCLUDE (1) o INCLURE (2) manipulada y despu\u00e9s accediendo a ella con una acci\u00f3n valider_xml."
    }
  ],
  "id": "CVE-2016-7998",
  "lastModified": "2024-11-21T02:58:52.757",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-01-18T17:59:01.060",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/07/5"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/08/6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93451"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23186"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23189"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23192"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-template-compiler-composer-php-code-execution-cve-2016-7998/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/07/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/08/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93451"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23186"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23189"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23192"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-template-compiler-composer-php-code-execution-cve-2016-7998/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-08-25 00:17
Modified
2024-11-21 00:35
Severity ?
Summary
PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelette_cache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party researchers, stating that the squelette_cache variable is initialized before use, and is only used within the scope of a function.
Impacted products
Vendor Product Version
spip spip 1.7.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE69123A-73ED-4FBF-BFE4-06F44F321A28",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [
    {
      "sourceIdentifier": "cve@mitre.org",
      "tags": [
        "disputed"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelette_cache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party researchers, stating that the squelette_cache variable is initialized before use, and is only used within the scope of a function"
    },
    {
      "lang": "es",
      "value": "** EN DISPUTA ** Vulnerabilidad de inclusi\u00f3n remota de archivo en PHP en inc-calcul.php3 de SPIP versi\u00f3n 1.7.2 permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante un URL en el par\u00e1metro squelette_cache parameter, vector distinto de CVE-2006-1702. NOTA: esta caracter\u00edstica ha sido cuestionada por investigadores de terceros, que indica que la variable squelette_cache es inicializada antes de su uso, y s\u00f3lo se utiliza en el \u00e1mbito de una funci\u00f3n."
    }
  ],
  "id": "CVE-2007-4525",
  "lastModified": "2024-11-21T00:35:48.137",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-08-25T00:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3056"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/477423/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/477728/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/25416"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36218"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/477423/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/477728/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25416"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36218"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-12-17 03:59
Modified
2024-11-21 03:02
Summary
SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL.
Impacted products
Vendor Product Version
spip spip 3.1.0
spip spip 3.1.0 alpha
spip spip 3.1.0 beta
spip spip 3.1.0 rc
spip spip 3.1.0 rc2
spip spip 3.1.0 rc3
spip spip 3.1.1
spip spip 3.1.2
spip spip 3.1.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F886B97D-1648-4D9A-A1A3-9F7982C6259D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.1.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "C06AB4FA-EA55-435E-9C04-124BCC008301",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.1.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "A22B763C-1CE8-4219-A767-8400FFDCCDCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.1.0:rc:*:*:*:*:*:*",
              "matchCriteriaId": "26E98301-4358-464A-952C-FE81F9EC7859",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4AE44495-D166-46D4-9375-73890216AF7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "B645A6EB-B9C5-470C-B42C-E971B2A21D6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC77374D-F349-4728-91B9-5483C641B33B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C5276FA-1CDD-4100-B8A6-21ABB1A7E8A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0230D10E-96C6-4C13-BF75-E4B398AAE741",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL."
    },
    {
      "lang": "es",
      "value": "SPIP 3.1.x sufre de una vulnerabilidad de XSS reflectada en /ecrire/exec/puce_statut.php involucrando el par\u00e1metro `$id`, seg\u00fan lo demostrado por una URL /ecrire/?exec=puce_statut."
    }
  ],
  "id": "CVE-2016-9997",
  "lastModified": "2024-11-21T03:02:09.083",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-17T03:59:00.407",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95008"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1037486"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23288"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95008"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037486"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23288"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-04-08 14:59
Modified
2024-11-21 02:49
Severity ?
Summary
SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function.
Impacted products
Vendor Product Version
debian debian_linux 7.0
debian debian_linux 8.0
spip spip 2.0.0
spip spip 2.0.1
spip spip 2.0.2
spip spip 2.0.3
spip spip 2.0.4
spip spip 2.0.5
spip spip 2.0.6
spip spip 2.0.7
spip spip 2.0.8
spip spip 2.0.9
spip spip 2.0.10
spip spip 2.0.11
spip spip 2.0.12
spip spip 2.0.13
spip spip 2.0.14
spip spip 2.0.15
spip spip 2.0.16
spip spip 2.0.17
spip spip 2.0.18
spip spip 2.0.19
spip spip 2.0.20
spip spip 2.0.21
spip spip 2.0.22
spip spip 2.1.1
spip spip 2.1.2
spip spip 2.1.3
spip spip 2.1.4
spip spip 2.1.5
spip spip 2.1.6
spip spip 2.1.7
spip spip 2.1.8
spip spip 2.1.9
spip spip 2.1.10
spip spip 2.1.11
spip spip 2.1.12
spip spip 2.1.13
spip spip 2.1.14
spip spip 2.1.15
spip spip 2.1.16
spip spip 2.1.17
spip spip 2.1.18
spip spip 3.0.0
spip spip 3.0.1
spip spip 3.0.2
spip spip 3.0.3
spip spip 3.0.4
spip spip 3.0.5
spip spip 3.0.6
spip spip 3.0.7
spip spip 3.0.8
spip spip 3.0.9
spip spip 3.0.10
spip spip 3.0.11
spip spip 3.0.13
spip spip 3.0.14
spip spip 3.0.15
spip spip 3.0.16
spip spip 3.0.17
spip spip 3.0.19
spip spip 3.0.20
spip spip 3.1.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DF1BEB1-2CCB-47F6-8EFB-E4F9AA6A4ED0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5698E04-FD77-45A1-8FBE-200897595CB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C1ED3E6-4FD2-43FE-A87B-FB7C39F0066E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A69C6572-561B-400C-9060-55473A3F02EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8F3FB07-3CA8-4A41-AAEA-9719B44DEDBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D4A7340-3BBE-4ABB-A7A2-6ECA951C46E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "16142135-D7C6-4090-8ADC-51979C95EE13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "771B6518-8EAB-4A88-ACD9-6AA8AC551511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "956220B5-85C3-4C40-B6C5-99251360ADD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED43C820-453D-41F1-9EDA-365AB9FE3318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "04D7C38A-7FAD-4959-9195-E355A1EDD075",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFA607E4-A17B-4ED5-8C24-965414177B32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0FFE25B-123B-4E80-8873-4CA856BD54A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1973A3-DC9B-400C-BC62-2688CCDCA55A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A6F0DEB-A3E8-43CD-AF06-159C1E2C6DE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "96B93634-FC6D-43E8-AAF3-B5AE2996F0BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBA15FCA-F0E0-41C3-A7B6-04019736F125",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "46EB4CB6-9CD6-48FA-84E5-2D749C9B209E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E295308-01B7-4A22-9F54-3D3112CCC241",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "847E1C3D-1AFD-4612-8419-3C04F02F74A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "B77D58B6-30BB-4ED0-8C5D-0DC8F9639AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B9F5A64-28B5-43C4-BFAF-497279262AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "531BD1D4-D1E6-499C-9455-E824FB9C635A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABB357E8-F0AE-4646-B956-05DFD098E720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE2899B4-945A-44DC-B2A6-ED5458DECC7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7C14FCA-01ED-4F17-A8BB-4D4B03B31382",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E602A351-EDFE-49B4-8787-DC2CC113832B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC91A65E-6D3C-480A-A033-1346244FCD47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AF75E6C-C72E-4056-8B2F-DC1E7E0F0E71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "911B82D6-F727-4D79-A959-C55C3AEADD90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "73C21299-CCBC-40CE-A7B4-6C0DCCEC0604",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F2BA10B-8449-4540-8F6B-4DAE18145AFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "77F27063-6AFD-42D6-A807-79BBD6B3827B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FE12B65-5CB9-4AAA-956C-7553D24C7C88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AADB76A-9280-4696-AB15-8FFBDCAA4E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F49C554-718A-4860-A773-D7D601A3F6FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD319522-02CC-4E04-A7B3-A64CBBA66624",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "A90E0828-ABAA-4CFA-BDF9-2FED7D176F62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "6796F6F3-2E98-4F78-8CCD-B0FF3DC31F10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AD80959-9214-4D50-AE6D-674E67D94C25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "434386D1-E867-4963-9358-C02C061C6849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEACDF93-E23D-4DD8-8404-1A9FF6E30AD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4037A30-ECB1-4416-B2C4-11C74C862922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0940E772-693A-4C37-843D-26FE94F2A872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "12D453E4-AD84-499D-AC00-16B609F4B2ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D991DBB-7AD1-4BEA-B18F-078D23EAFA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5309CE-6C06-45F2-9C13-F1A4926D480E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD45F13F-DD59-4A15-8A40-DE918FEF9A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9962195-7B5C-43F1-B5C9-982F1D422804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "11285E4F-DF81-4994-B269-B382ECC690D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "284DD051-7E34-4AA4-90D4-B63071F04B18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5717886-316C-4FDE-99E3-E4F90C9C5137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "43340829-7234-419A-A221-AC496B08C34D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "D883D34B-156D-473D-81F4-6B90F7FA5133",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1D30EE7-9872-4405-B42B-126C9769A482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "463EE1A1-3BAD-4491-A6F3-45B6988445B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C14D7D84-221C-4A55-B652-FAB4D78EEEC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E06C3A0-F9FA-4A31-967E-C80FA42EBD91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E2E61FC-1AFB-45DD-AB6F-15B3B73CE62E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "9407EDE1-ED4C-4990-90AF-3FE28D837F69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F886B97D-1648-4D9A-A1A3-9F7982C6259D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function."
    },
    {
      "lang": "es",
      "value": "SPIP 2.x en versiones anteriores a 2.1.19, 3.0.x en versiones anteriores a 3.0.22 y 3.1.x en versiones anteriores a 3.1.1 permite a atacantes remotos ejecutar c\u00f3digo PHP arbitrario a\u00f1adiendo contenido, relacionado con la funci\u00f3n filtrer_entites."
    }
  ],
  "id": "CVE-2016-3153",
  "lastModified": "2024-11-21T02:49:29.043",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-04-08T14:59:03.673",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2016/dsa-3518"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-1-SPIP-3-0-22-et-SPIP-2-1.html?lang=fr"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://core.spip.net/projects/spip/repository/revisions/22911"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2016/dsa-3518"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-1-SPIP-3-0-22-et-SPIP-2-1.html?lang=fr"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://core.spip.net/projects/spip/repository/revisions/22911"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-04-08 14:59
Modified
2024-11-21 02:49
Severity ?
Summary
The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.
Impacted products
Vendor Product Version
spip spip 2.0.0
spip spip 2.0.1
spip spip 2.0.2
spip spip 2.0.3
spip spip 2.0.4
spip spip 2.0.5
spip spip 2.0.6
spip spip 2.0.7
spip spip 2.0.8
spip spip 2.0.9
spip spip 2.0.10
spip spip 2.0.11
spip spip 2.0.12
spip spip 2.0.13
spip spip 2.0.14
spip spip 2.0.15
spip spip 2.0.16
spip spip 2.0.17
spip spip 2.0.18
spip spip 2.0.19
spip spip 2.0.20
spip spip 2.0.21
spip spip 2.0.22
spip spip 2.1.1
spip spip 2.1.2
spip spip 2.1.3
spip spip 2.1.4
spip spip 2.1.5
spip spip 2.1.6
spip spip 2.1.7
spip spip 2.1.8
spip spip 2.1.9
spip spip 2.1.10
spip spip 2.1.11
spip spip 2.1.12
spip spip 2.1.13
spip spip 2.1.14
spip spip 2.1.15
spip spip 2.1.16
spip spip 2.1.17
spip spip 2.1.18
spip spip 2.1.19
spip spip 3.0.0
spip spip 3.0.1
spip spip 3.0.2
spip spip 3.0.3
spip spip 3.0.4
spip spip 3.0.5
spip spip 3.0.6
spip spip 3.0.7
spip spip 3.0.8
spip spip 3.0.9
spip spip 3.0.10
spip spip 3.0.11
spip spip 3.0.13
spip spip 3.0.14
spip spip 3.0.15
spip spip 3.0.16
spip spip 3.0.17
spip spip 3.0.19
spip spip 3.0.20
spip spip 3.1.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DF1BEB1-2CCB-47F6-8EFB-E4F9AA6A4ED0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5698E04-FD77-45A1-8FBE-200897595CB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C1ED3E6-4FD2-43FE-A87B-FB7C39F0066E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A69C6572-561B-400C-9060-55473A3F02EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8F3FB07-3CA8-4A41-AAEA-9719B44DEDBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D4A7340-3BBE-4ABB-A7A2-6ECA951C46E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "16142135-D7C6-4090-8ADC-51979C95EE13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "771B6518-8EAB-4A88-ACD9-6AA8AC551511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "956220B5-85C3-4C40-B6C5-99251360ADD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED43C820-453D-41F1-9EDA-365AB9FE3318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "04D7C38A-7FAD-4959-9195-E355A1EDD075",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFA607E4-A17B-4ED5-8C24-965414177B32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0FFE25B-123B-4E80-8873-4CA856BD54A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1973A3-DC9B-400C-BC62-2688CCDCA55A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A6F0DEB-A3E8-43CD-AF06-159C1E2C6DE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "96B93634-FC6D-43E8-AAF3-B5AE2996F0BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBA15FCA-F0E0-41C3-A7B6-04019736F125",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "46EB4CB6-9CD6-48FA-84E5-2D749C9B209E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E295308-01B7-4A22-9F54-3D3112CCC241",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "847E1C3D-1AFD-4612-8419-3C04F02F74A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "B77D58B6-30BB-4ED0-8C5D-0DC8F9639AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B9F5A64-28B5-43C4-BFAF-497279262AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "531BD1D4-D1E6-499C-9455-E824FB9C635A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABB357E8-F0AE-4646-B956-05DFD098E720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE2899B4-945A-44DC-B2A6-ED5458DECC7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7C14FCA-01ED-4F17-A8BB-4D4B03B31382",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E602A351-EDFE-49B4-8787-DC2CC113832B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC91A65E-6D3C-480A-A033-1346244FCD47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AF75E6C-C72E-4056-8B2F-DC1E7E0F0E71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "911B82D6-F727-4D79-A959-C55C3AEADD90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "73C21299-CCBC-40CE-A7B4-6C0DCCEC0604",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F2BA10B-8449-4540-8F6B-4DAE18145AFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "77F27063-6AFD-42D6-A807-79BBD6B3827B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FE12B65-5CB9-4AAA-956C-7553D24C7C88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AADB76A-9280-4696-AB15-8FFBDCAA4E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F49C554-718A-4860-A773-D7D601A3F6FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD319522-02CC-4E04-A7B3-A64CBBA66624",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "A90E0828-ABAA-4CFA-BDF9-2FED7D176F62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "6796F6F3-2E98-4F78-8CCD-B0FF3DC31F10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AD80959-9214-4D50-AE6D-674E67D94C25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "434386D1-E867-4963-9358-C02C061C6849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5F2F4D2-70F9-4D97-8813-77A2E6A94CC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEACDF93-E23D-4DD8-8404-1A9FF6E30AD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4037A30-ECB1-4416-B2C4-11C74C862922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0940E772-693A-4C37-843D-26FE94F2A872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "12D453E4-AD84-499D-AC00-16B609F4B2ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D991DBB-7AD1-4BEA-B18F-078D23EAFA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5309CE-6C06-45F2-9C13-F1A4926D480E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD45F13F-DD59-4A15-8A40-DE918FEF9A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9962195-7B5C-43F1-B5C9-982F1D422804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "11285E4F-DF81-4994-B269-B382ECC690D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "284DD051-7E34-4AA4-90D4-B63071F04B18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5717886-316C-4FDE-99E3-E4F90C9C5137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "43340829-7234-419A-A221-AC496B08C34D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "D883D34B-156D-473D-81F4-6B90F7FA5133",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1D30EE7-9872-4405-B42B-126C9769A482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "463EE1A1-3BAD-4491-A6F3-45B6988445B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C14D7D84-221C-4A55-B652-FAB4D78EEEC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E06C3A0-F9FA-4A31-967E-C80FA42EBD91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E2E61FC-1AFB-45DD-AB6F-15B3B73CE62E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "9407EDE1-ED4C-4990-90AF-3FE28D837F69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F886B97D-1648-4D9A-A1A3-9F7982C6259D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n encoder_contexte_ajax en ecrire/inc/filtres.php en SPIP 2.x en versiones anteriores a 2.1.19, 3.0.x en versiones anteriores a 3.0.22 y 3.1.x en versiones anteriores a 3.1.1 permite a atacantes remotos llevar a cabo ataques de inyecci\u00f3n de objeto PHP y ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s de un objeto serializado manipulado."
    }
  ],
  "id": "CVE-2016-3154",
  "lastModified": "2024-11-21T02:49:29.200",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-04-08T14:59:04.707",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2016/dsa-3518"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-1-SPIP-3-0-22-et-SPIP-2-1.html?lang=fr"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://core.spip.net/projects/spip/repository/revisions/22903"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2016/dsa-3518"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-1-SPIP-3-0-22-et-SPIP-2-1.html?lang=fr"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://core.spip.net/projects/spip/repository/revisions/22903"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-11-18 02:55
Modified
2024-11-21 01:55
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the url_site parameter.
Impacted products
Vendor Product Version
spip spip *
spip spip 2.0.0
spip spip 2.0.1
spip spip 2.0.2
spip spip 2.0.3
spip spip 2.0.4
spip spip 2.0.5
spip spip 2.0.6
spip spip 2.0.7
spip spip 2.0.8
spip spip 2.0.9
spip spip 2.0.10
spip spip 2.0.11
spip spip 2.0.12
spip spip 2.0.13
spip spip 2.0.14
spip spip 2.0.15
spip spip 2.0.16
spip spip 2.0.17
spip spip 2.0.18
spip spip 2.0.19
spip spip 2.0.20
spip spip 2.0.21
spip spip 2.0.22
spip spip 2.1.1
spip spip 2.1.2
spip spip 2.1.3
spip spip 2.1.4
spip spip 2.1.5
spip spip 2.1.6
spip spip 2.1.7
spip spip 2.1.8
spip spip 2.1.9
spip spip 2.1.10
spip spip 2.1.11
spip spip 2.1.12
spip spip 2.1.13
spip spip 2.1.14
spip spip 2.1.15
spip spip 2.1.16
spip spip 2.1.17
spip spip 2.1.18
spip spip 2.1.19
spip spip 2.1.20
spip spip 2.1.21
spip spip 2.1.22
spip spip 3.0.0
spip spip 3.0.1
spip spip 3.0.2
spip spip 3.0.3
spip spip 3.0.4
spip spip 3.0.5
spip spip 3.0.6
spip spip 3.0.7
spip spip 3.0.8
spip spip 3.0.9
spip spip 3.0.10
spip spip 3.0.11



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4BE1FF2-923E-4991-A661-B9FE93FE22FE",
              "versionEndIncluding": "2.1.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DF1BEB1-2CCB-47F6-8EFB-E4F9AA6A4ED0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5698E04-FD77-45A1-8FBE-200897595CB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C1ED3E6-4FD2-43FE-A87B-FB7C39F0066E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A69C6572-561B-400C-9060-55473A3F02EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8F3FB07-3CA8-4A41-AAEA-9719B44DEDBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D4A7340-3BBE-4ABB-A7A2-6ECA951C46E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "16142135-D7C6-4090-8ADC-51979C95EE13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "771B6518-8EAB-4A88-ACD9-6AA8AC551511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "956220B5-85C3-4C40-B6C5-99251360ADD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED43C820-453D-41F1-9EDA-365AB9FE3318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "04D7C38A-7FAD-4959-9195-E355A1EDD075",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFA607E4-A17B-4ED5-8C24-965414177B32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0FFE25B-123B-4E80-8873-4CA856BD54A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1973A3-DC9B-400C-BC62-2688CCDCA55A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A6F0DEB-A3E8-43CD-AF06-159C1E2C6DE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "96B93634-FC6D-43E8-AAF3-B5AE2996F0BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBA15FCA-F0E0-41C3-A7B6-04019736F125",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "46EB4CB6-9CD6-48FA-84E5-2D749C9B209E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E295308-01B7-4A22-9F54-3D3112CCC241",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "847E1C3D-1AFD-4612-8419-3C04F02F74A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "B77D58B6-30BB-4ED0-8C5D-0DC8F9639AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B9F5A64-28B5-43C4-BFAF-497279262AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "531BD1D4-D1E6-499C-9455-E824FB9C635A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABB357E8-F0AE-4646-B956-05DFD098E720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE2899B4-945A-44DC-B2A6-ED5458DECC7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7C14FCA-01ED-4F17-A8BB-4D4B03B31382",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E602A351-EDFE-49B4-8787-DC2CC113832B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC91A65E-6D3C-480A-A033-1346244FCD47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AF75E6C-C72E-4056-8B2F-DC1E7E0F0E71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "911B82D6-F727-4D79-A959-C55C3AEADD90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "73C21299-CCBC-40CE-A7B4-6C0DCCEC0604",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F2BA10B-8449-4540-8F6B-4DAE18145AFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "77F27063-6AFD-42D6-A807-79BBD6B3827B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FE12B65-5CB9-4AAA-956C-7553D24C7C88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AADB76A-9280-4696-AB15-8FFBDCAA4E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F49C554-718A-4860-A773-D7D601A3F6FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD319522-02CC-4E04-A7B3-A64CBBA66624",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "A90E0828-ABAA-4CFA-BDF9-2FED7D176F62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "6796F6F3-2E98-4F78-8CCD-B0FF3DC31F10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AD80959-9214-4D50-AE6D-674E67D94C25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "434386D1-E867-4963-9358-C02C061C6849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5F2F4D2-70F9-4D97-8813-77A2E6A94CC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DCB2107-062A-46AA-B0D7-8B21EEC733CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7237B58-CBA5-4874-96E4-29E415628982",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFDDFAB9-7D8C-4E90-9DA2-660C29C286CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEACDF93-E23D-4DD8-8404-1A9FF6E30AD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4037A30-ECB1-4416-B2C4-11C74C862922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0940E772-693A-4C37-843D-26FE94F2A872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "12D453E4-AD84-499D-AC00-16B609F4B2ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D991DBB-7AD1-4BEA-B18F-078D23EAFA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5309CE-6C06-45F2-9C13-F1A4926D480E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD45F13F-DD59-4A15-8A40-DE918FEF9A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9962195-7B5C-43F1-B5C9-982F1D422804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "11285E4F-DF81-4994-B269-B382ECC690D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "284DD051-7E34-4AA4-90D4-B63071F04B18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5717886-316C-4FDE-99E3-E4F90C9C5137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "43340829-7234-419A-A221-AC496B08C34D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the url_site parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en la p\u00e1gina de autor (prive/formulaires/editer_auteur.php) de SPIP anterior a la versi\u00f3n 2.1.24 y 3.0.x anterior a 3.0.12 permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s del par\u00e1metro url_site."
    }
  ],
  "id": "CVE-2013-4556",
  "lastModified": "2024-11-21T01:55:49.447",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-11-18T02:55:08.250",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://core.spip.org/projects/spip/repository/revisions/20879"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://core.spip.org/projects/spip/repository/revisions/20880"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/55551"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/11/10/4"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1029317"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.spip.net/fr_article5646.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.spip.net/fr_article5648.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.debian.org/security/2013/dsa-2794"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://core.spip.org/projects/spip/repository/revisions/20879"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://core.spip.org/projects/spip/repository/revisions/20880"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/55551"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/11/10/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1029317"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.spip.net/fr_article5646.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.spip.net/fr_article5648.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2013/dsa-2794"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-05-19 21:15
Modified
2024-11-21 06:58
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allow attackers to execute arbitrary web scripts or HTML.
Impacted products
Vendor Product Version
spip spip *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2834C8B-8286-43F8-8DD9-0CAC21094A30",
              "versionEndIncluding": "3.1.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en el componente /spip.php de Spip Web Framework versiones v3.1.13 y anteriores, permite a atacantes ejecutar scripts web o HTML arbitrarios"
    }
  ],
  "id": "CVE-2022-28959",
  "lastModified": "2024-11-21T06:58:14.513",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-05-19T21:15:08.060",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-08-14 22:55
Modified
2024-11-21 01:38
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Impacted products
Vendor Product Version
spip spip 1.9
spip spip 1.9.1
spip spip 1.9.2
spip spip 2.0
spip spip 2.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5A71331-3291-4A16-80DC-32365C9EDAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E65B5367-E751-40B9-B022-B10421B6E7F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BCB6E24-EA9D-46C4-B128-310DFEB22D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2D9EA0-2949-4B1F-B218-67488D3691D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE2E3A2E-898F-4067-9112-DC5E6EF9A261",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en SPIP v1.9.x antes de v1.9.2.o, v2.0.x antes de v2.0.18, y v2.1.x antes de v2.1.13 permiten a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados.\r\n"
    }
  ],
  "id": "CVE-2012-2151",
  "lastModified": "2024-11-21T01:38:36.470",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-08-14T22:55:01.567",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://archives.rezo.net/archives/spip-en.mbox/U5QUZ6WJRAJC7H5BR7W5SQG6WCD3PXL7/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48939"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2012/dsa-2461"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/04/30/4"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/01/4"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.osvdb.org/81473"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/53216"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1026970"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75104"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.rezo.net/archives/spip-en.mbox/U5QUZ6WJRAJC7H5BR7W5SQG6WCD3PXL7/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48939"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2461"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/04/30/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/01/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/81473"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026970"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75104"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-01-04 07:15
Modified
2024-11-21 08:39
Summary
ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics.
Impacted products
Vendor Product Version
spip spip * (before 4.1.13)
spip spip * (from 4.2.0, before 4.2.7)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3499B4ED-95B6-47EA-B357-CC9A5A7C3D39",
              "versionEndExcluding": "4.1.13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D19D049C-4AC1-4F13-A98B-F45B96668A25",
              "versionEndExcluding": "4.2.7",
              "versionStartIncluding": "4.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics."
    },
    {
      "lang": "es",
      "value": "ecrire/public/assembler.php en SPIP anteriores a 4.1.13 y 4.2.x anteriores a 4.2.7 permite XSS porque la entrada de _request() no est\u00e1 restringida a caracteres seguros como los alfanum\u00e9ricos."
    }
  ],
  "id": "CVE-2023-52322",
  "lastModified": "2024-11-21T08:39:33.753",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-01-04T07:15:09.170",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-2-7-SPIP-4-1-13.html?lang=fr"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://git.spip.net/spip/spip/commit/e90f5344b8c82711053053e778d38a35e42b7bcb"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00014.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-2-7-SPIP-4-1-13.html?lang=fr"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.spip.net/spip/spip/commit/e90f5344b8c82711053053e778d38a35e42b7bcb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00014.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-08-14 22:55
Modified
2024-11-21 01:42
Severity ?
Summary
Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 have unknown impact and attack vectors that are not related to cross-site scripting (XSS), different vulnerabilities than CVE-2012-2151.
Impacted products
Vendor Product Version
spip spip 1.9
spip spip 1.9.1
spip spip 1.9.2
spip spip 2.0
spip spip 2.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5A71331-3291-4A16-80DC-32365C9EDAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E65B5367-E751-40B9-B022-B10421B6E7F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BCB6E24-EA9D-46C4-B128-310DFEB22D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2D9EA0-2949-4B1F-B218-67488D3691D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE2E3A2E-898F-4067-9112-DC5E6EF9A261",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 have unknown impact and attack vectors that are not related to cross-site scripting (XSS), different vulnerabilities than CVE-2012-2151."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades no especificadas en SPIP antes de v1.9.2.o, v2.0.x antes de v2.0.18 y v2.1.x antes de v2.1.13 tienen un impacto desconocido y vectores de ataque que no est\u00e1n relacionados con secuencias de comandos entre sitios (XSS). Se trata de vulnerabilidades diferentes a las de CVE-2012-2151.\r\n"
    }
  ],
  "id": "CVE-2012-4331",
  "lastModified": "2024-11-21T01:42:41.430",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-08-14T22:55:02.377",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.rezo.net/archives/spip-en.mbox/U5QUZ6WJRAJC7H5BR7W5SQG6WCD3PXL7/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1026970"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.rezo.net/archives/spip-en.mbox/U5QUZ6WJRAJC7H5BR7W5SQG6WCD3PXL7/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026970"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-01-26 12:15
Modified
2024-11-21 06:30
Summary
SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users (stored XSS).
Impacted products
Vendor Product Version
spip spip 4.0.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E022D11-1000-4D8D-9D85-275CE84736AB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users (stored XSS)."
    },
    {
      "lang": "es",
      "value": "SPIP versi\u00f3n 4.0.0 est\u00e1 afectado por una vulnerabilidad de tipo Cross Site Scripting (XSS). Para explotar la vulnerabilidad, un visitante debe navegar a un archivo SVG malicioso. La vulnerabilidad permite a un atacante autenticado inyectar c\u00f3digo malicioso ejecutado en el lado del cliente en las p\u00e1ginas web visitadas por otros usuarios (XSS almacenado)"
    }
  ],
  "id": "CVE-2021-44118",
  "lastModified": "2024-11-21T06:30:23.667",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-01-26T12:15:07.803",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://git.spip.net/spip/medias/commit/13c293fabd35e2c152379522c29432423936cbba"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://git.spip.net/spip/spip/commit/4ccf90a6912d7fab97e1bd5619770c9236cc7357"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://git.spip.net/spip/medias/commit/13c293fabd35e2c152379522c29432423936cbba"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://git.spip.net/spip/spip/commit/4ccf90a6912d7fab97e1bd5619770c9236cc7357"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-06-17 16:29
Modified
2024-11-21 03:36
Severity ?
Summary
SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote attacker to cause remote code execution.
Impacted products
Vendor Product Version
spip spip 3.1.0
spip spip 3.1.0 alpha
spip spip 3.1.0 beta
spip spip 3.1.0 rc
spip spip 3.1.0 rc2
spip spip 3.1.0 rc3
spip spip 3.1.1
spip spip 3.1.2
spip spip 3.1.3
spip spip 3.1.4
spip spip 3.1.5
spip spip 3.2 alpha-1
spip spip 3.2.0 beta
spip spip 3.2.0 beta2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F886B97D-1648-4D9A-A1A3-9F7982C6259D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.1.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "C06AB4FA-EA55-435E-9C04-124BCC008301",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.1.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "A22B763C-1CE8-4219-A767-8400FFDCCDCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.1.0:rc:*:*:*:*:*:*",
              "matchCriteriaId": "26E98301-4358-464A-952C-FE81F9EC7859",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4AE44495-D166-46D4-9375-73890216AF7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "B645A6EB-B9C5-470C-B42C-E971B2A21D6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC77374D-F349-4728-91B9-5483C641B33B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C5276FA-1CDD-4100-B8A6-21ABB1A7E8A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0230D10E-96C6-4C13-BF75-E4B398AAE741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "591A3B0A-BD8C-4B04-B54A-4165012DC2CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6D85353-9C50-4BCD-8933-4817D8A35C45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.2:alpha-1:*:*:*:*:*:*",
              "matchCriteriaId": "627024B4-50A4-4A7D-AFC9-BB272D1D2329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.2.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "FB6E13B9-3236-4331-AA5D-2B629CAC46AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "D544F17F-4B81-45AD-A90E-45EE5125D8BB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote attacker to cause remote code execution."
    },
    {
      "lang": "es",
      "value": "SPIP en versiones 3.1.x anteriores a la 3.1.6 y versiones 3.2.x anteriores a la Beta 3 no elimina los metacaracteres shell del campo host, lo que permite que un atacante remoto provoque la ejecuci\u00f3n remota de c\u00f3digo."
    }
  ],
  "id": "CVE-2017-9736",
  "lastModified": "2024-11-21T03:36:43.997",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-17T16:29:00.180",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2017/dsa-3890"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://contrib.spip.net/CRITICAL-security-update-SPIP-3-1-6-and-SPIP-3-2-Beta"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23593"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23594"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2017/dsa-3890"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://contrib.spip.net/CRITICAL-security-update-SPIP-3-1-6-and-SPIP-3-2-Beta"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23593"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23594"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-02-28 20:15
Modified
2024-11-21 07:52
Severity ?
Summary
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
Impacted products
Vendor Product Version
spip spip * (before 3.2.18)
spip spip * (from 4.0.0, before 4.0.10)
spip spip * (from 4.1.0, before 4.1.8)
spip spip 4.2.0
spip spip 4.2.0 alpha
spip spip 4.2.0 alpha2
debian debian_linux 11.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF6C248E-6246-469B-858D-DB628B535BDA",
              "versionEndExcluding": "3.2.18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A67A687F-6F6C-4150-92BB-90A308B89B4A",
              "versionEndExcluding": "4.0.10",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4188B203-546F-4EE3-AD33-A31F3AF16B76",
              "versionEndExcluding": "4.1.8",
              "versionStartIncluding": "4.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:4.2.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D55ECBAF-CDAB-4F7E-9BD1-BD9178732934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:4.2.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "1CED71D6-E720-4007-BEE3-B81CC4F5EDD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:4.2.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "0746C763-3FD4-4095-9F1C-9BEAE6E6E29B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1."
    }
  ],
  "id": "CVE-2023-27372",
  "lastModified": "2024-11-21T07:52:46.640",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-02-28T20:15:10.243",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/171921/SPIP-Remote-Command-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/173044/SPIP-4.2.1-Remote-Code-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-2-1-SPIP-4-1-8-SPIP-4-0-10-et.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://git.spip.net/spip/spip/commit/5aedf49b89415a4df3eb775eee3801a2b4b88266"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://git.spip.net/spip/spip/commit/96fbeb38711c6706e62457f2b732a652a04a409d"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2023/dsa-5367"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/171921/SPIP-Remote-Command-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/173044/SPIP-4.2.1-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-2-1-SPIP-4-1-8-SPIP-4-0-10-et.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.spip.net/spip/spip/commit/5aedf49b89415a4df3eb775eee3801a2b4b88266"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.spip.net/spip/spip/commit/96fbeb38711c6706e62457f2b732a652a04a409d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2023/dsa-5367"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-02-09 18:06
Modified
2024-11-21 00:06
Severity ?
Summary
SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and earlier allows remote attackers to execute arbitrary SQL commands via the file parameter.
Impacted products
Vendor Product Version
spip spip 1.8.2g



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8.2g:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB8D5C97-A36D-4E53-A591-20FE20AF00B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and earlier allows remote attackers to execute arbitrary SQL commands via the file parameter."
    }
  ],
  "id": "CVE-2006-0626",
  "lastModified": "2024-11-21T00:06:56.960",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-02-09T18:06:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://retrogod.altervista.org/spip_182g_shell_inj_xpl.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18676"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1015602"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/23087"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/16551"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/0483"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24599"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://retrogod.altervista.org/spip_182g_shell_inj_xpl.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18676"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1015602"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/23087"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/16551"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/0483"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24599"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-03-10 17:48
Modified
2024-11-21 06:54
Summary
SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects.
Impacted products
Vendor Product Version
spip spip * (before 3.2.14)
spip spip * (4.0.0 up to, but not including, 4.0.5)
debian debian_linux 9.0
debian debian_linux 10.0
debian debian_linux 11.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FAA6131-6D99-4123-9873-B0025DFD6660",
              "versionEndExcluding": "3.2.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AE2C4F8-8B04-4FB2-9230-4CB16BF61D30",
              "versionEndExcluding": "4.0.5",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects."
    },
    {
      "lang": "es",
      "value": "SPIP versiones anteriores a 3.2.14 y versiones 4.x anteriores a 4.0.5, permite el acceso no autenticado a informaci\u00f3n sobre objetos editoriales"
    }
  ],
  "id": "CVE-2022-26847",
  "lastModified": "2024-11-21T06:54:38.507",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-03-10T17:48:02.017",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-security-announce/2022/msg00060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-security-announce/2022/msg00060.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-02-02 11:02
Modified
2024-11-21 00:06
Severity 4.3 (Medium) - CVSS 2.0: AV:N/AC:M/Au:N/C:N/I:P/A:N
Summary
Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
Impacted products
Vendor Product Version
spip spip * (up to and including 1.8.2e)
spip spip * (up to and including 1.9_alpha2_5539)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5B9F0E6-15A4-4636-BA8A-0AAAC73E5046",
              "versionEndIncluding": "1.8.2e",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "741F5196-A7CF-4588-BC51-D7D284308789",
              "versionEndIncluding": "1.9_alpha2_5539",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter."
    }
  ],
  "id": "CVE-2006-0518",
  "lastModified": "2024-11-21T00:06:38.820",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-02-02T11:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18676"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/22849"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/16461"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/0398"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.zone-h.org/en/advisories/read/id=8650/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24401"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18676"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/22849"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/16461"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/0398"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.zone-h.org/en/advisories/read/id=8650/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24401"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-09-17 21:15
Modified
2024-11-21 04:30
Summary
SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "92C9CE90-F244-458C-B475-28F2298D6C17",
              "versionEndExcluding": "3.1.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "054DE097-C977-4694-9F80-ADF007A3CA36",
              "versionEndExcluding": "3.2.5",
              "versionStartIncluding": "3.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages."
    },
    {
      "lang": "es",
      "value": "SPIP versiones anteriores a 3.1.11 y versiones 3.2 anteriores a 3.2.5, permite un ataque de tipo XSS del archivo prive/formulaires/login.php por medio de mensajes de error."
    }
  ],
  "id": "CVE-2019-16392",
  "lastModified": "2024-11-21T04:30:37.417",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-09-17T21:15:11.427",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.spip.net/SPIP/spip/commit/3c12a82c7d9d4afd09e708748fa82e7836174028"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Sep/40"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4536-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4532"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.spip.net/SPIP/spip/commit/3c12a82c7d9d4afd09e708748fa82e7836174028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Sep/40"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4536-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4532"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-11-18 02:55
Modified
2024-11-21 01:55
Severity 6.8 (Medium) - CVSS 2.0: AV:N/AC:M/Au:N/C:P/I:P/A:P
Summary
Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that logout the user via unspecified vectors.
Impacted products
Vendor Product Version
spip spip * (up to and including 2.1.23)
spip spip 2.0.0
spip spip 2.0.1
spip spip 2.0.2
spip spip 2.0.3
spip spip 2.0.4
spip spip 2.0.5
spip spip 2.0.6
spip spip 2.0.7
spip spip 2.0.8
spip spip 2.0.9
spip spip 2.0.10
spip spip 2.0.11
spip spip 2.0.12
spip spip 2.0.13
spip spip 2.0.14
spip spip 2.0.15
spip spip 2.0.16
spip spip 2.0.17
spip spip 2.0.18
spip spip 2.0.19
spip spip 2.0.20
spip spip 2.0.21
spip spip 2.0.22
spip spip 2.1.1
spip spip 2.1.2
spip spip 2.1.3
spip spip 2.1.4
spip spip 2.1.5
spip spip 2.1.6
spip spip 2.1.7
spip spip 2.1.8
spip spip 2.1.9
spip spip 2.1.10
spip spip 2.1.11
spip spip 2.1.12
spip spip 2.1.13
spip spip 2.1.14
spip spip 2.1.15
spip spip 2.1.16
spip spip 2.1.17
spip spip 2.1.18
spip spip 2.1.19
spip spip 2.1.20
spip spip 2.1.21
spip spip 2.1.22



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4BE1FF2-923E-4991-A661-B9FE93FE22FE",
              "versionEndIncluding": "2.1.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DF1BEB1-2CCB-47F6-8EFB-E4F9AA6A4ED0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5698E04-FD77-45A1-8FBE-200897595CB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C1ED3E6-4FD2-43FE-A87B-FB7C39F0066E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A69C6572-561B-400C-9060-55473A3F02EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8F3FB07-3CA8-4A41-AAEA-9719B44DEDBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D4A7340-3BBE-4ABB-A7A2-6ECA951C46E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "16142135-D7C6-4090-8ADC-51979C95EE13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "771B6518-8EAB-4A88-ACD9-6AA8AC551511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "956220B5-85C3-4C40-B6C5-99251360ADD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED43C820-453D-41F1-9EDA-365AB9FE3318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "04D7C38A-7FAD-4959-9195-E355A1EDD075",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFA607E4-A17B-4ED5-8C24-965414177B32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0FFE25B-123B-4E80-8873-4CA856BD54A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1973A3-DC9B-400C-BC62-2688CCDCA55A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A6F0DEB-A3E8-43CD-AF06-159C1E2C6DE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "96B93634-FC6D-43E8-AAF3-B5AE2996F0BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBA15FCA-F0E0-41C3-A7B6-04019736F125",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "46EB4CB6-9CD6-48FA-84E5-2D749C9B209E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E295308-01B7-4A22-9F54-3D3112CCC241",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "847E1C3D-1AFD-4612-8419-3C04F02F74A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "B77D58B6-30BB-4ED0-8C5D-0DC8F9639AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B9F5A64-28B5-43C4-BFAF-497279262AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "531BD1D4-D1E6-499C-9455-E824FB9C635A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABB357E8-F0AE-4646-B956-05DFD098E720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE2899B4-945A-44DC-B2A6-ED5458DECC7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7C14FCA-01ED-4F17-A8BB-4D4B03B31382",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E602A351-EDFE-49B4-8787-DC2CC113832B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC91A65E-6D3C-480A-A033-1346244FCD47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AF75E6C-C72E-4056-8B2F-DC1E7E0F0E71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "911B82D6-F727-4D79-A959-C55C3AEADD90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "73C21299-CCBC-40CE-A7B4-6C0DCCEC0604",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F2BA10B-8449-4540-8F6B-4DAE18145AFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "77F27063-6AFD-42D6-A807-79BBD6B3827B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FE12B65-5CB9-4AAA-956C-7553D24C7C88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AADB76A-9280-4696-AB15-8FFBDCAA4E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F49C554-718A-4860-A773-D7D601A3F6FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD319522-02CC-4E04-A7B3-A64CBBA66624",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "A90E0828-ABAA-4CFA-BDF9-2FED7D176F62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "6796F6F3-2E98-4F78-8CCD-B0FF3DC31F10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AD80959-9214-4D50-AE6D-674E67D94C25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "434386D1-E867-4963-9358-C02C061C6849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5F2F4D2-70F9-4D97-8813-77A2E6A94CC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DCB2107-062A-46AA-B0D7-8B21EEC733CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7237B58-CBA5-4874-96E4-29E415628982",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFDDFAB9-7D8C-4E90-9DA2-660C29C286CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that logout the user via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de CSRF en ecrire/action/logout.php de SPIP anterior a la versi\u00f3n 2.1.24 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios por solicitudes que cierren la sesi\u00f3n del usuario a trav\u00e9s de vectores sin especificar."
    }
  ],
  "id": "CVE-2013-4555",
  "lastModified": "2024-11-21T01:55:49.327",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-11-18T02:55:08.203",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://core.spip.org/projects/spip/repository/revisions/20874"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/55551"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/11/10/4"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1029317"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.spip.net/fr_article5646.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.debian.org/security/2013/dsa-2794"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://core.spip.org/projects/spip/repository/revisions/20874"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/55551"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/11/10/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1029317"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.spip.net/fr_article5646.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2013/dsa-2794"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-02-27 21:15
Modified
2024-11-21 07:47
Severity 9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request.
Impacted products
Vendor Product Version
spip spip * (up to and including 4.1.5)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "22E695BD-3A5E-4684-A99F-FC6B30F474A1",
              "versionEndIncluding": "4.1.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request."
    }
  ],
  "id": "CVE-2023-24258",
  "lastModified": "2024-11-21T07:47:38.410",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-02-27T21:15:11.947",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-1-7-SPIP-4-0-9-et-SPIP-3-2-17.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/Abyss-W4tcher/ab4yss-wr4iteups/blob/ffa980faa9e3598d49d6fb7def4f7a67cfb5f427/SPIP%20-%20Pentest/SPIP%204.1.5/SPIP_4.1.5_AND_BEFORE_AUTH_SQLi_Abyss_Watcher.md"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.debian.org/security/2023/dsa-5325"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-1-7-SPIP-4-0-9-et-SPIP-3-2-17.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/Abyss-W4tcher/ab4yss-wr4iteups/blob/ffa980faa9e3598d49d6fb7def4f7a67cfb5f427/SPIP%20-%20Pentest/SPIP%204.1.5/SPIP_4.1.5_AND_BEFORE_AUTH_SQLi_Abyss_Watcher.md"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2023/dsa-5325"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-09-01 18:30
Modified
2024-11-21 01:06
Severity ?
Summary
SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009.
Impacted products
Vendor Product Version
spip spip 1.9
spip spip 1.9 alpha2
spip spip 1.9.1
spip spip 1.9.2c
spip spip 1.9.2d
spip spip 1.9.2g
spip spip 1.9.2h
spip spip 1.9.alpha1
spip spip 2.0 rc1
spip spip 2.0.0
spip spip 2.0.1
spip spip 2.0.2
spip spip 2.0.3
spip spip 2.0.4
spip spip 2.0.5
spip spip 2.0.6
spip spip 2.0.7
spip spip 2.0.8



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5A71331-3291-4A16-80DC-32365C9EDAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.9:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "324F81F8-E104-49FD-ABF5-96C9EFF42F1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E65B5367-E751-40B9-B022-B10421B6E7F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.9.2c:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD35BCDB-E05F-45D7-9B2A-604A1DEF0B78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.9.2d:*:*:*:*:*:*:*",
              "matchCriteriaId": "56F0AC27-1BDD-435F-8ED1-0AD108E83DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.9.2g:*:*:*:*:*:*:*",
              "matchCriteriaId": "A29C0816-7A4E-49BE-AB9F-D6E51C5DA6C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.9.2h:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D39BD0E-5B03-4B7B-86E4-AEDC8B9C185E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.9.alpha1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAEC67D9-8D16-4943-B66F-07C269498E6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B5168F84-0D94-41A6-B0A2-CA43BF6BD0A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DF1BEB1-2CCB-47F6-8EFB-E4F9AA6A4ED0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5698E04-FD77-45A1-8FBE-200897595CB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C1ED3E6-4FD2-43FE-A87B-FB7C39F0066E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A69C6572-561B-400C-9060-55473A3F02EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8F3FB07-3CA8-4A41-AAEA-9719B44DEDBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D4A7340-3BBE-4ABB-A7A2-6ECA951C46E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "16142135-D7C6-4090-8ADC-51979C95EE13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "771B6518-8EAB-4A88-ACD9-6AA8AC551511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "956220B5-85C3-4C40-B6C5-99251360ADD7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009."
    },
    {
      "lang": "es",
      "value": "SPIP v1.9 anterior v1.9.2i y v2.0.x hasta 2.0.8 no usa propiedades de control de acceso para (1) ecrire/exec/install.php y (2) ecrire/index.php, permitiendo a atacantes remotos dirigir actividades no autorizadas relacionadas con la instalaci\u00f3n y copias de seguridad, tal como se ha explotado en Agosto de 2009."
    }
  ],
  "id": "CVE-2009-3041",
  "lastModified": "2024-11-21T01:06:22.517",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-09-01T18:30:04.920",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://fil.rezo.net/secu-14346-14350+14354.patch"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36365"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/36008"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.spip-contrib.net/SPIP-Security-Alert-new-version"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52381"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://fil.rezo.net/secu-14346-14350+14354.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36365"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/36008"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.spip-contrib.net/SPIP-Security-Alert-new-version"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52381"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-01-19 05:15
Modified
2024-11-21 08:58
Summary
SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js.
Impacted products
Vendor Product Version
spip spip *
spip spip *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F53AAF3-4FED-4D8C-8E10-4EED126086FE",
              "versionEndExcluding": "4.1.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "000974CE-80E7-4809-9EC8-85AEB42EE303",
              "versionEndExcluding": "4.2.8",
              "versionStartIncluding": "4.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js."
    },
    {
      "lang": "es",
      "value": "SPIP anterior a 4.1.14 y 4.2.x anterior a 4.2.8 permite XSS mediante el nombre de un archivo cargado. Esto est\u00e1 relacionado con javascript/bigup.js y javascript/bigup.utils.js."
    }
  ],
  "id": "CVE-2024-23659",
  "lastModified": "2024-11-21T08:58:06.740",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-01-19T05:15:09.233",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-2-8-SPIP-4-1-14.html?lang=fr"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://git.spip.net/spip/bigup/commit/0757f015717cb72b84dba0e9a375ec71caddf1c2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://git.spip.net/spip/bigup/commit/ada821c076d67d1147a195178223d0b4a6d8cecc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-2-8-SPIP-4-1-14.html?lang=fr"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.spip.net/spip/bigup/commit/0757f015717cb72b84dba0e9a375ec71caddf1c2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.spip.net/spip/bigup/commit/ada821c076d67d1147a195178223d0b4a6d8cecc"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-01-26 12:15
Modified
2024-11-21 06:30
Summary
SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a double extension, upload it and then click on it to execute it.
Impacted products
Vendor Product Version
spip spip 4.0.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E022D11-1000-4D8D-9D85-275CE84736AB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a double extension, upload it and then click on it to execute it."
    },
    {
      "lang": "es",
      "value": "SPIP versi\u00f3n 4.0.0 est\u00e1 afectado por una vulnerabilidad de ejecuci\u00f3n remota de comandos. Para explotar la vulnerabilidad, un atacante debe dise\u00f1ar una imagen maliciosa con doble extensi\u00f3n, subirla y luego hacer clic en ella para ejecutarla"
    }
  ],
  "id": "CVE-2021-44123",
  "lastModified": "2024-11-21T06:30:24.200",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-01-26T12:15:07.927",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-09-06 16:15
Modified
2024-09-18 18:05
Summary
SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.
Impacted products
Vendor Product Version
spip spip *
spip spip *
spip spip 4.3.0
spip spip 4.3.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E48335D1-94D2-4A75-960D-804C92C246BC",
              "versionEndExcluding": "4.1.18",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B05B0286-ED29-4860-A5A7-FF196A65F066",
              "versionEndIncluding": "4.2.15",
              "versionStartIncluding": "4.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACBB7226-E320-4997-A541-B3EA402C643F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "425F3BC4-EB81-4BB8-96DB-D26C0154C11B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request."
    },
    {
      "lang": "es",
      "value": "SPIP anterior a 4.3.2, 4.2.16 y 4.1.18 es vulnerable a un problema de inyecci\u00f3n de comandos. Un atacante remoto y no autenticado puede ejecutar comandos arbitrarios del sistema operativo enviando una solicitud HTTP de carga de archivo multiparte manipulada."
    }
  ],
  "id": "CVE-2024-8517",
  "lastModified": "2024-09-18T18:05:03.553",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "disclosure@vulncheck.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-09-06T16:15:03.793",
  "references": [
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-2-SPIP-4-2-16-SPIP-4-1-18.html"
    },
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_2_a_big_upload/"
    },
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://vozec.fr/researchs/spip-preauth-rce-2024-big-upload/"
    },
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://vulncheck.com/advisories/spip-upload-rce"
    }
  ],
  "sourceIdentifier": "disclosure@vulncheck.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-646"
        }
      ],
      "source": "disclosure@vulncheck.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-05-19 21:15
Modified
2024-11-21 06:58
Summary
A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire.
Impacted products
Vendor Product Version
spip spip *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABAC5014-5C46-4090-A05D-312F001C10EC",
              "versionEndExcluding": "3.2.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de inyecci\u00f3n PHP en Spip versiones anteriores a v3.2.8, permite a atacantes ejecutar c\u00f3digo PHP arbitrario por medio del par\u00e1metro _oups en /ecrire"
    }
  ],
  "id": "CVE-2022-28960",
  "lastModified": "2024-11-21T06:58:14.673",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-05-19T21:15:08.107",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-116"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-12-22 11:03
Modified
2024-11-21 00:04
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) spip_login.php3 and (2) spip_pass.php3.
Impacted products
Vendor Product Version
spip spip 1.8.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "91DEC874-206B-4C45-92F5-C6C650F92782",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) spip_login.php3 and (2) spip_pass.php3."
    }
  ],
  "id": "CVE-2005-4494",
  "lastModified": "2024-11-21T00:04:23.503",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2005-12-22T11:03:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://pridels0.blogspot.com/2005/12/spip-xss-vuln.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18211"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/21864"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/21865"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/16019"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2005/3061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://pridels0.blogspot.com/2005/12/spip-xss-vuln.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18211"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/21864"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/21865"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/16019"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/3061"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-02-02 11:02
Modified
2024-11-21 00:06
Severity ?
Summary
SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message.
Impacted products
Vendor Product Version
spip spip *
spip spip *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5B9F0E6-15A4-4636-BA8A-0AAAC73E5046",
              "versionEndIncluding": "1.8.2e",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "741F5196-A7CF-4588-BC51-D7D284308789",
              "versionEndIncluding": "1.9_alpha2_5539",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message."
    }
  ],
  "id": "CVE-2006-0519",
  "lastModified": "2024-11-21T00:06:38.960",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-02-02T11:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18676"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/0398"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.zone-h.org/en/advisories/read/id=8650/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24399"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18676"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/0398"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.zone-h.org/en/advisories/read/id=8650/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24399"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-09-17 21:15
Modified
2024-11-21 04:30
Summary
SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php.
References
cve@mitre.org | https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html | Patch, Vendor Advisory
cve@mitre.org | https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html?lang=fr | Patch, Vendor Advisory
cve@mitre.org | https://git.spip.net/SPIP/spip/commit/187952ce85e73b52c2753f2d54fc2c44807b8f79 | Patch, Vendor Advisory
cve@mitre.org | https://git.spip.net/SPIP/spip/commit/3cbc758400323ab006c00ea78eacdb8f76aa5f66 | Patch, Vendor Advisory
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html | Mailing List, Third Party Advisory
cve@mitre.org | https://seclists.org/bugtraq/2019/Sep/40 | Mailing List, Third Party Advisory
cve@mitre.org | https://usn.ubuntu.com/4536-1/ | Third Party Advisory
cve@mitre.org | https://www.debian.org/security/2019/dsa-4532 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html?lang=fr | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://git.spip.net/SPIP/spip/commit/187952ce85e73b52c2753f2d54fc2c44807b8f79 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://git.spip.net/SPIP/spip/commit/3cbc758400323ab006c00ea78eacdb8f76aa5f66 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Sep/40 | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4536-1/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4532 | Third Party Advisory
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "92C9CE90-F244-458C-B475-28F2298D6C17",
              "versionEndExcluding": "3.1.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "054DE097-C977-4694-9F80-ADF007A3CA36",
              "versionEndExcluding": "3.2.5",
              "versionStartIncluding": "3.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php."
    },
    {
      "lang": "es",
      "value": "SPIP versiones anteriores a 3.1.11 y versiones 3.2 anteriores a 3.2.5, permite a visitantes autenticados modificar cualquier contenido publicado y ejecutar otras modificaciones en la base de datos. Esto est\u00e1"
    }
  ],
  "id": "CVE-2019-16391",
  "lastModified": "2024-11-21T04:30:37.253",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-09-17T21:15:11.367",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html?lang=fr"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.spip.net/SPIP/spip/commit/187952ce85e73b52c2753f2d54fc2c44807b8f79"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.spip.net/SPIP/spip/commit/3cbc758400323ab006c00ea78eacdb8f76aa5f66"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Sep/40"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4536-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4532"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html?lang=fr"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.spip.net/SPIP/spip/commit/187952ce85e73b52c2753f2d54fc2c44807b8f79"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.spip.net/SPIP/spip/commit/3cbc758400323ab006c00ea78eacdb8f76aa5f66"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Sep/40"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4536-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4532"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-10-22 18:29
Modified
2024-11-21 03:15
Summary
Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 allows remote attackers to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php.
Impacted products
Vendor Product Version
spip spip *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE1CFB17-F737-46CE-9DC7-32FD7AB482AA",
              "versionEndIncluding": "3.1.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 allows remote attackers to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de Cross-Site Scripting (XSS) (persistente) en SPIP en versiones anteriores a la 3.1.7 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante una cadena manipulada, tal y como demuestra un campo PGP, relacionado con prive/objets/contenu/auteur.html y ecrire/inc/texte_mini.php."
    }
  ],
  "id": "CVE-2017-15736",
  "lastModified": "2024-11-21T03:15:07.967",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-22T18:29:00.620",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23701"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/4536-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.debian.org/security/2018/dsa-4228"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23701"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/4536-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2018/dsa-4228"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-01-18 17:59
Modified
2024-11-21 02:58
Summary
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code.
References
cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/10/05/17 | Mailing List, Third Party Advisory
cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/10/06/6 | Mailing List, Patch, Third Party Advisory
cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/10/12/6 | Mailing List, Third Party Advisory
cve@mitre.org | http://www.securityfocus.com/bid/93451
cve@mitre.org | https://core.spip.net/projects/spip/repository/revisions/23201 | Issue Tracking, Patch, Vendor Advisory
cve@mitre.org | https://core.spip.net/projects/spip/repository/revisions/23202 | Issue Tracking, Patch, Vendor Advisory
cve@mitre.org | https://core.spip.net/projects/spip/repository/revisions/23203 | Issue Tracking, Patch, Vendor Advisory
cve@mitre.org | https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-exec-code-cross-site-request-forgery-cve-2016-7980/
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/10/05/17 | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/10/06/6 | Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/10/12/6 | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93451
af854a3a-2127-422b-91ae-364da2661108 | https://core.spip.net/projects/spip/repository/revisions/23201 | Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://core.spip.net/projects/spip/repository/revisions/23202 | Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://core.spip.net/projects/spip/repository/revisions/23203 | Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-exec-code-cross-site-request-forgery-cve-2016-7980/
Impacted products
Vendor Product Version
spip spip *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "108B7E4F-1501-4193-BF95-B2D3465FCB10",
              "versionEndIncluding": "3.1.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request.  NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de CSRF en ecrire/exec/valider_xml.php en SPIP 3.1.2 y versiones anteriores permite a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores de las solicitudes que ejecutan el validador XML en un archivo local a trav\u00e9s de una solicitud valider_xml manipulada. NOTA: este problema se puede combinar con CVE-2016-7998 para ejecutar c\u00f3digo PHP arbitrario."
    }
  ],
  "id": "CVE-2016-7980",
  "lastModified": "2024-11-21T02:58:50.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-01-18T17:59:00.827",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/06/6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/12/6"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/93451"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23201"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23202"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23203"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-exec-code-cross-site-request-forgery-cve-2016-7980/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/06/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/12/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/93451"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-exec-code-cross-site-request-forgery-cve-2016-7980/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-12-05 18:59
Modified
2024-11-21 03:00
Summary
Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter.
Impacted products
Vendor Product Version
spip spip 3.1.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0230D10E-96C6-4C13-BF75-E4B398AAE741",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en ecrire/exec/plonger.php en SPIP 3.1.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro rac."
    }
  ],
  "id": "CVE-2016-9152",
  "lastModified": "2024-11-21T03:00:42.580",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-05T18:59:01.407",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94658"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1037392"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23290"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94658"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/projects/spip/repository/revisions/23290"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-01-26 12:15
Modified
2024-11-21 06:30
Summary
SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. To exploit the vulnerability, a visitor must visit a malicious website which redirects to the SPIP website. It is also possible to combine XSS vulnerabilities in SPIP 4.0.0 to exploit it. The vulnerability allows an authenticated attacker to execute malicious code without the knowledge of the user on the website (CSRF).
Impacted products
Vendor Product Version
spip spip 4.0.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E022D11-1000-4D8D-9D85-275CE84736AB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. To exploit the vulnerability, a visitor must visit a malicious website which redirects to the SPIP website. It is also possible to combine XSS vulnerabilities in SPIP 4.0.0 to exploit it. The vulnerability allows an authenticated attacker to execute malicious code without the knowledge of the user on the website (CSRF)."
    },
    {
      "lang": "es",
      "value": "SPIP versi\u00f3n 4.0.0 est\u00e1 afectado por una vulnerabilidad de tipo Cross Site Request Forgery (CSRF) en los archivos ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. Para explotar la vulnerabilidad, un visitante debe visitar un sitio web malicioso que redirija al sitio web de SPIP. Tambi\u00e9n es posible combinar las vulnerabilidades de tipo XSS de SPIP versi\u00f3n 4.0.0 para explotarla. La vulnerabilidad permite a un atacante autenticado ejecutar c\u00f3digo malicioso sin el conocimiento del usuario en el sitio web (CSRF)"
    }
  ],
  "id": "CVE-2021-44122",
  "lastModified": "2024-11-21T06:30:24.030",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-01-26T12:15:07.887",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.spip.net/spip/spip/commit/1b8e4f404c2441c15ca6540b9a6d8e50cff219db"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.spip.net/spip/spip/commit/1b8e4f404c2441c15ca6540b9a6d8e50cff219db"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-02-02 11:02
Modified
2024-11-21 00:06
Severity ?
Summary
Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id_forum, (2) id_article, or (3) id_breve parameters to forum.php3; (4) unspecified vectors related to "session handling"; and (5) when posting "petitions".
References
cve@mitre.org http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0990.html
cve@mitre.org http://secunia.com/advisories/18676 Vendor Advisory
cve@mitre.org http://securityreason.com/securityalert/395
cve@mitre.org http://securitytracker.com/id?1015556
cve@mitre.org http://www.osvdb.org/22844
cve@mitre.org http://www.osvdb.org/22845
cve@mitre.org http://www.osvdb.org/22848
cve@mitre.org http://www.securityfocus.com/archive/1/423655/100/0/threaded
cve@mitre.org http://www.securityfocus.com/bid/16458
cve@mitre.org http://www.securityfocus.com/bid/24397
cve@mitre.org http://www.vupen.com/english/advisories/2006/0398
cve@mitre.org http://www.zone-h.org/en/advisories/read/id=8650/ Exploit, Patch, Vendor Advisory
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/24397
af854a3a-2127-422b-91ae-364da2661108 http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0990.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/18676 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://securityreason.com/securityalert/395
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1015556
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/22844
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/22845
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/22848
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/423655/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/16458
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/24397
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2006/0398
af854a3a-2127-422b-91ae-364da2661108 http://www.zone-h.org/en/advisories/read/id=8650/ Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/24397
Impacted products
Vendor Product Version
spip spip *
spip spip *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5B9F0E6-15A4-4636-BA8A-0AAAC73E5046",
              "versionEndIncluding": "1.8.2e",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "741F5196-A7CF-4588-BC51-D7D284308789",
              "versionEndIncluding": "1.9_alpha2_5539",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id_forum, (2) id_article, or (3) id_breve parameters to forum.php3; (4) unspecified vectors related to \"session handling\"; and (5) when posting \"petitions\"."
    }
  ],
  "id": "CVE-2006-0517",
  "lastModified": "2024-11-21T00:06:38.663",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-02-02T11:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0990.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18676"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/395"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1015556"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/22844"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/22845"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/22848"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/423655/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/16458"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/24397"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/0398"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.zone-h.org/en/advisories/read/id=8650/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0990.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18676"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/395"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1015556"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/22844"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/22845"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/22848"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/423655/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/16458"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/0398"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.zone-h.org/en/advisories/read/id=8650/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24397"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-09-17 21:15
Modified
2024-11-21 04:30
Summary
SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character.
References
cve@mitre.org https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html Patch, Vendor Advisory
cve@mitre.org https://core.spip.net/issues/4362 Permissions Required, Vendor Advisory
cve@mitre.org https://git.spip.net/SPIP/spip/commit/0b832408b0aabd5b94a81e261e9413c0f31a19f1 Patch, Vendor Advisory
cve@mitre.org https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html Mailing List, Third Party Advisory
cve@mitre.org https://seclists.org/bugtraq/2019/Sep/40 Mailing List, Third Party Advisory
cve@mitre.org https://usn.ubuntu.com/4536-1/ Third Party Advisory
cve@mitre.org https://www.debian.org/security/2019/dsa-4532 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://core.spip.net/issues/4362 Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://git.spip.net/SPIP/spip/commit/0b832408b0aabd5b94a81e261e9413c0f31a19f1 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://seclists.org/bugtraq/2019/Sep/40 Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://usn.ubuntu.com/4536-1/ Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://www.debian.org/security/2019/dsa-4532 Third Party Advisory
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "92C9CE90-F244-458C-B475-28F2298D6C17",
              "versionEndExcluding": "3.1.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "054DE097-C977-4694-9F80-ADF007A3CA36",
              "versionEndExcluding": "3.2.5",
              "versionStartIncluding": "3.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character."
    },
    {
      "lang": "es",
      "value": "SPIP versiones anteriores a 3.1.11 y versiones 3.2 anteriores a 3.2.5, maneja inapropiadamente las URL de redireccionamiento en el archivo ecrire/inc/headers.php con un car\u00e1cter %0D,%0A o %20."
    }
  ],
  "id": "CVE-2019-16393",
  "lastModified": "2024-11-21T04:30:37.570",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-09-17T21:15:11.583",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/issues/4362"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.spip.net/SPIP/spip/commit/0b832408b0aabd5b94a81e261e9413c0f31a19f1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Sep/40"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4536-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4532"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://core.spip.net/issues/4362"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.spip.net/SPIP/spip/commit/0b832408b0aabd5b94a81e261e9413c0f31a19f1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Sep/40"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4536-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4532"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-01-30 21:55
Modified
2024-11-21 02:00
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field.
Impacted products
Vendor Product Version
spip spip *
spip spip 2.0.1
spip spip 2.0.2
spip spip 2.0.3
spip spip 2.0.4
spip spip 2.0.5
spip spip 2.0.6
spip spip 2.0.7
spip spip 2.0.8
spip spip 2.0.9
spip spip 2.0.10
spip spip 2.0.11
spip spip 2.0.12
spip spip 2.0.13
spip spip 2.0.14
spip spip 2.0.15
spip spip 2.0.16
spip spip 2.0.17
spip spip 2.0.18
spip spip 2.0.19
spip spip 2.0.20
spip spip 2.0.21
spip spip 2.0.22
spip spip 2.1
spip spip 2.1.1
spip spip 2.1.2
spip spip 2.1.10
spip spip 2.1.11
spip spip 2.1.12
spip spip 2.1.13
spip spip 2.1.14
spip spip 2.1.15
spip spip 2.1.16
spip spip 2.1.17
spip spip 2.1.18
spip spip 2.1.19
spip spip 2.1.20
spip spip 2.1.21
spip spip 2.1.22
spip spip 2.1.23
spip spip 3.0.0
spip spip 3.0.1
spip spip 3.0.2
spip spip 3.0.3
spip spip 3.0.4
spip spip 3.0.5
spip spip 3.0.6
spip spip 3.0.7
spip spip 3.0.8
spip spip 3.0.9
spip spip 3.0.10
spip spip 3.0.11



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F02D2980-134F-4164-AED1-643B16890FA8",
              "versionEndIncluding": "2.1.24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5698E04-FD77-45A1-8FBE-200897595CB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C1ED3E6-4FD2-43FE-A87B-FB7C39F0066E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A69C6572-561B-400C-9060-55473A3F02EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8F3FB07-3CA8-4A41-AAEA-9719B44DEDBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D4A7340-3BBE-4ABB-A7A2-6ECA951C46E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "16142135-D7C6-4090-8ADC-51979C95EE13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "771B6518-8EAB-4A88-ACD9-6AA8AC551511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "956220B5-85C3-4C40-B6C5-99251360ADD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED43C820-453D-41F1-9EDA-365AB9FE3318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "04D7C38A-7FAD-4959-9195-E355A1EDD075",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFA607E4-A17B-4ED5-8C24-965414177B32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0FFE25B-123B-4E80-8873-4CA856BD54A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1973A3-DC9B-400C-BC62-2688CCDCA55A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A6F0DEB-A3E8-43CD-AF06-159C1E2C6DE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "96B93634-FC6D-43E8-AAF3-B5AE2996F0BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBA15FCA-F0E0-41C3-A7B6-04019736F125",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "46EB4CB6-9CD6-48FA-84E5-2D749C9B209E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E295308-01B7-4A22-9F54-3D3112CCC241",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "847E1C3D-1AFD-4612-8419-3C04F02F74A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "B77D58B6-30BB-4ED0-8C5D-0DC8F9639AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B9F5A64-28B5-43C4-BFAF-497279262AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "531BD1D4-D1E6-499C-9455-E824FB9C635A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE2E3A2E-898F-4067-9112-DC5E6EF9A261",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABB357E8-F0AE-4646-B956-05DFD098E720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE2899B4-945A-44DC-B2A6-ED5458DECC7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "77F27063-6AFD-42D6-A807-79BBD6B3827B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FE12B65-5CB9-4AAA-956C-7553D24C7C88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AADB76A-9280-4696-AB15-8FFBDCAA4E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F49C554-718A-4860-A773-D7D601A3F6FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD319522-02CC-4E04-A7B3-A64CBBA66624",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "A90E0828-ABAA-4CFA-BDF9-2FED7D176F62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "6796F6F3-2E98-4F78-8CCD-B0FF3DC31F10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AD80959-9214-4D50-AE6D-674E67D94C25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "434386D1-E867-4963-9358-C02C061C6849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5F2F4D2-70F9-4D97-8813-77A2E6A94CC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DCB2107-062A-46AA-B0D7-8B21EEC733CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7237B58-CBA5-4874-96E4-29E415628982",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFDDFAB9-7D8C-4E90-9DA2-660C29C286CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.1.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "7861FBFA-A859-40A1-81C0-36E3E7A396A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEACDF93-E23D-4DD8-8404-1A9FF6E30AD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4037A30-ECB1-4416-B2C4-11C74C862922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0940E772-693A-4C37-843D-26FE94F2A872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "12D453E4-AD84-499D-AC00-16B609F4B2ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D991DBB-7AD1-4BEA-B18F-078D23EAFA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5309CE-6C06-45F2-9C13-F1A4926D480E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD45F13F-DD59-4A15-8A40-DE918FEF9A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9962195-7B5C-43F1-B5C9-982F1D422804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "11285E4F-DF81-4994-B269-B382ECC690D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "284DD051-7E34-4AA4-90D4-B63071F04B18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5717886-316C-4FDE-99E3-E4F90C9C5137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:3.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "43340829-7234-419A-A221-AC496B08C34D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en (1) squelettes-dist/formulaires/inscription.php y (2) prive/forms/editer_auteur.php de SPIP anterior a la versi\u00f3n 2.1.25 y 3.0.x anterior a 3.0.13 permite a atacantes remotos inyectar script Web o HTML arbitrario a trav\u00e9s del campo de nombre de autor."
    }
  ],
  "id": "CVE-2013-7303",
  "lastModified": "2024-11-21T02:00:41.900",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-01-30T21:55:04.670",
  "references": [
    {
      "source": "security@debian.org",
      "url": "http://core.spip.org/projects/spip/repository/revisions/20902"
    },
    {
      "source": "security@debian.org",
      "url": "http://seclists.org/oss-sec/2014/q1/123"
    },
    {
      "source": "security@debian.org",
      "url": "http://seclists.org/oss-sec/2014/q1/128"
    },
    {
      "source": "security@debian.org",
      "url": "http://secunia.com/advisories/56381"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.securitytracker.com/id/1029703"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.spip.net/fr_article5648.html"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.spip.net/fr_article5665.html"
    },
    {
      "source": "security@debian.org",
      "url": "http://zone.spip.org/trac/spip-zone/changeset/77768"
    },
    {
      "source": "security@debian.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90643"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://core.spip.org/projects/spip/repository/revisions/20902"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/oss-sec/2014/q1/123"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/oss-sec/2014/q1/128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/56381"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1029703"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.spip.net/fr_article5648.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.spip.net/fr_article5665.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://zone.spip.org/trac/spip-zone/changeset/77768"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90643"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-11-23 22:15
Modified
2024-11-21 05:23
Severity 9.8 CRITICAL (NVD primary score, CVSS 3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Summary
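prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters. The description does not state the resulting impact, and NVD records the weakness as NVD-CWE-noinfo; the referenced vendor commit and the v3.2.7...v3.2.8 comparison show the fix.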
Impacted products
Vendor Product Version
spip spip * (all versions before 3.2.8)
debian debian_linux 9.0
debian debian_linux 10.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABAC5014-5C46-4090-A05D-312F001C10EC",
              "versionEndExcluding": "3.2.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters."
    },
    {
      "lang": "es",
      "value": "El archivo prive/formulaires/configurer_preferences.php en SPIP versi\u00f3n anterior a 3.2.8, no valida correctamente los par\u00e1metros couleur, display, display_navigation, display_outils, imessage y spip_ecran"
    }
  ],
  "id": "CVE-2020-28984",
  "lastModified": "2024-11-21T05:23:26.607",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-11-23T22:15:12.570",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.spip.net/spip/spip/commit/ae4267eba1022dabc12831ddb021c5d6e09040f8"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://git.spip.net/spip/spip/compare/v3.2.7...v3.2.8"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00036.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4798"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.spip.net/spip/spip/commit/ae4267eba1022dabc12831ddb021c5d6e09040f8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://git.spip.net/spip/spip/compare/v3.2.7...v3.2.8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00036.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4798"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}