Vulnerabilities related to spip - spip
cve-2006-0519
Vulnerability from cvelistv5
Published
2006-02-02 11:00
Modified
2024-08-07 16:41
Summary
SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message.
References
| URL | Tags |
|---|---|
| http://www.zone-h.org/en/advisories/read/id=8650/ | x_refsource_MISC |
| http://secunia.com/advisories/18676 | third-party-advisory, x_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2006/0398 | vdb-entry, x_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24399 | vdb-entry, x_refsource_XF |
cve-2012-4331
Vulnerability from cvelistv5
Published
2012-08-14 22:00
Modified
2024-09-16 16:33
Summary
Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 have unknown impact and attack vectors that are not related to cross-site scripting (XSS), different vulnerabilities than CVE-2012-2151.
References
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1026970 | vdb-entry, x_refsource_SECTRACK |
| http://archives.rezo.net/archives/spip-en.mbox/U5QUZ6WJRAJC7H5BR7W5SQG6WCD3PXL7/ | mailing-list, x_refsource_MLIST |
cve-2019-16394
Vulnerability from cvelistv5
Published
2019-09-17 20:47
Modified
2024-08-05 01:17
Summary
SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers.
References
| URL | Tags |
|---|---|
| https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html | x_refsource_MISC |
| https://core.spip.net/issues/4171 | x_refsource_MISC |
| https://zone.spip.net/trac/spip-zone/changeset/117577/spip-zone | x_refsource_MISC |
| https://zone.spip.net/trac/spip-zone/changeset/117578/spip-zone | x_refsource_MISC |
| https://seclists.org/bugtraq/2019/Sep/40 | mailing-list, x_refsource_BUGTRAQ |
| https://www.debian.org/security/2019/dsa-4532 | vendor-advisory, x_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html | mailing-list, x_refsource_MLIST |
| https://usn.ubuntu.com/4536-1/ | vendor-advisory, x_refsource_UBUNTU |
cve-2013-7303
Vulnerability from cvelistv5
Published
2014-01-30 21:00
Modified
2024-08-06 18:01
Summary
Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field.
References
| URL | Tags |
|---|---|
| http://secunia.com/advisories/56381 | third-party-advisory, x_refsource_SECUNIA |
| http://core.spip.org/projects/spip/repository/revisions/20902 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/90643 | vdb-entry, x_refsource_XF |
| http://www.securitytracker.com/id/1029703 | vdb-entry, x_refsource_SECTRACK |
| http://seclists.org/oss-sec/2014/q1/128 | mailing-list, x_refsource_MLIST |
| http://www.spip.net/fr_article5665.html | x_refsource_CONFIRM |
| http://zone.spip.org/trac/spip-zone/changeset/77768 | x_refsource_CONFIRM |
| http://www.spip.net/fr_article5648.html | x_refsource_CONFIRM |
| http://seclists.org/oss-sec/2014/q1/123 | mailing-list, x_refsource_MLIST |
cve-2016-7999
Vulnerability from cvelistv5
Published
2017-01-18 17:00
Modified
2024-08-06 02:13
Summary
ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/93451 | vdb-entry, x_refsource_BID |
| https://core.spip.net/projects/spip/repository/revisions/23193 | x_refsource_CONFIRM |
| https://core.spip.net/projects/spip/repository/revisions/23188 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2016/10/07/5 | mailing-list, x_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2016/10/08/6 | mailing-list, x_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2016/10/05/17 | mailing-list, x_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2016/10/12/10 | mailing-list, x_refsource_MLIST |
| https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-server-side-request-forgery-cve-2016-7999/ | x_refsource_MISC |
cve-2013-4556
Vulnerability from cvelistv5
Published
2013-11-15 18:16
Modified
2024-08-06 16:45
Summary
Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the url_site parameter.
References
| URL | Tags |
|---|---|
| https://www.debian.org/security/2013/dsa-2794 | vendor-advisory, x_refsource_DEBIAN |
| http://core.spip.org/projects/spip/repository/revisions/20880 | x_refsource_CONFIRM |
| http://www.spip.net/fr_article5646.html | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1029317 | vdb-entry, x_refsource_SECTRACK |
| http://www.openwall.com/lists/oss-security/2013/11/10/4 | mailing-list, x_refsource_MLIST |
| http://secunia.com/advisories/55551 | third-party-advisory, x_refsource_SECUNIA |
| http://www.spip.net/fr_article5648.html | x_refsource_CONFIRM |
| http://core.spip.org/projects/spip/repository/revisions/20879 | x_refsource_CONFIRM |
cve-2006-0517
Vulnerability from cvelistv5
Published
2006-02-02 11:00
Modified
2024-08-07 16:41
Summary
Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id_forum, (2) id_article, or (3) id_breve parameters to forum.php3; (4) unspecified vectors related to "session handling"; and (5) when posting "petitions".
References
URL | Tags
---|---
http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0990.html | mailing-list, x_refsource_FULLDISC
http://www.securityfocus.com/bid/16458 | vdb-entry, x_refsource_BID
http://www.osvdb.org/22845 | vdb-entry, x_refsource_OSVDB
http://www.osvdb.org/22848 | vdb-entry, x_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/24397 | vdb-entry, x_refsource_XF
http://www.zone-h.org/en/advisories/read/id=8650/ | x_refsource_MISC
http://www.osvdb.org/22844 | vdb-entry, x_refsource_OSVDB
http://securitytracker.com/id?1015556 | vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/24397 | vdb-entry, x_refsource_BID
http://secunia.com/advisories/18676 | third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/423655/100/0/threaded | mailing-list, x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2006/0398 | vdb-entry, x_refsource_VUPEN
http://securityreason.com/securityalert/395 | third-party-advisory, x_refsource_SREASON
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:41:27.540Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060131 ZRCSA-200601: SPIP - Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0990.html" }, { "name": "16458", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16458" }, { "name": "22845", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22845" }, { "name": "22848", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22848" }, { "name": "spip-forum-sql-injection(24397)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24397" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zone-h.org/en/advisories/read/id=8650/" }, { "name": "22844", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22844" }, { "name": "1015556", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015556" }, { "name": "24397", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24397" }, { "name": "18676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18676" }, { "name": "20060131 ZRCSA-200601: SPIP - Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/423655/100/0/threaded" }, { "name": "ADV-2006-0398", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0398" }, { "name": "395", "tags": [ 
"third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/395" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-01-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id_forum, (2) id_article, or (3) id_breve parameters to forum.php3; (4) unspecified vectors related to \"session handling\"; and (5) when posting \"petitions\"." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060131 ZRCSA-200601: SPIP - Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0990.html" }, { "name": "16458", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16458" }, { "name": "22845", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22845" }, { "name": "22848", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22848" }, { "name": "spip-forum-sql-injection(24397)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24397" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zone-h.org/en/advisories/read/id=8650/" }, { "name": "22844", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22844" }, { "name": "1015556", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015556" }, 
{ "name": "24397", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24397" }, { "name": "18676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18676" }, { "name": "20060131 ZRCSA-200601: SPIP - Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/423655/100/0/threaded" }, { "name": "ADV-2006-0398", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0398" }, { "name": "395", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/395" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0517", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id_forum, (2) id_article, or (3) id_breve parameters to forum.php3; (4) unspecified vectors related to \"session handling\"; and (5) when posting \"petitions\"." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060131 ZRCSA-200601: SPIP - Multiple Vulnerabilities", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0990.html" }, { "name": "16458", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16458" }, { "name": "22845", "refsource": "OSVDB", "url": "http://www.osvdb.org/22845" }, { "name": "22848", "refsource": "OSVDB", "url": "http://www.osvdb.org/22848" }, { "name": "spip-forum-sql-injection(24397)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24397" }, { "name": "http://www.zone-h.org/en/advisories/read/id=8650/", "refsource": "MISC", "url": "http://www.zone-h.org/en/advisories/read/id=8650/" }, { "name": "22844", "refsource": "OSVDB", "url": "http://www.osvdb.org/22844" }, { "name": "1015556", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015556" }, { "name": "24397", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24397" }, { "name": "18676", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18676" }, { "name": "20060131 ZRCSA-200601: SPIP - Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/423655/100/0/threaded" }, { "name": "ADV-2006-0398", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0398" }, { "name": "395", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/395" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0517", "datePublished": "2006-02-02T11:00:00", "dateReserved": "2006-02-02T00:00:00", "dateUpdated": "2024-08-07T16:41:27.540Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26846
Vulnerability from cvelistv5
Published
2022-03-10 04:58
Modified
2024-08-03 05:11
Summary
SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code.
References
URL | Tags
---|---
https://lists.debian.org/debian-security-announce/2022/msg00060.html | x_refsource_MISC
https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html | x_refsource_MISC
https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2 | x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html | mailing-list, x_refsource_MLIST
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.562Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.debian.org/debian-security-announce/2022/msg00060.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2" }, { "name": "[debian-lts-announce] 20220315 [SECURITY] [DLA 2949-1] spip security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-15T12:06:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://lists.debian.org/debian-security-announce/2022/msg00060.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2" }, { "name": "[debian-lts-announce] 20220315 [SECURITY] [DLA 2949-1] spip security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-26846", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://lists.debian.org/debian-security-announce/2022/msg00060.html", "refsource": "MISC", "url": "https://lists.debian.org/debian-security-announce/2022/msg00060.html" }, { "name": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html", "refsource": "MISC", "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html" }, { "name": "https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2", "refsource": "MISC", "url": "https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2" }, { "name": "[debian-lts-announce] 20220315 [SECURITY] [DLA 2949-1] spip security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-26846", "datePublished": "2022-03-10T04:58:29", "dateReserved": "2022-03-10T00:00:00", "dateUpdated": "2024-08-03T05:11:44.562Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-8517
Vulnerability from cvelistv5
Published
2024-09-06 15:55
Modified
2024-09-09 15:49
Summary
SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.
References
▼ | URL | Tags |
---|---|---|
https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_2_a_big_upload/ | exploit, technical-description | |
https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-2-SPIP-4-2-16-SPIP-4-1-18.html | vendor-advisory | |
https://vulncheck.com/advisories/spip-upload-rce | third-party-advisory | |
https://vozec.fr/researchs/spip-preauth-rce-2024-big-upload/ | exploit, technical-description |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "spip", "vendor": "spip", "versions": [ { "lessThanOrEqual": "4.3.1", "status": "affected", "version": "4.3.0", "versionType": "custom" }, { "lessThanOrEqual": "4.2.15", "status": "affected", "version": "4.2.0", "versionType": "custom" }, { "lessThan": "4.1.18", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-8517", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:29:04.243583Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:30:45.388Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "SPIP", "vendor": "SPIP", "versions": [ { "lessThanOrEqual": "4.3.1", "status": "affected", "version": "4.3.0", "versionType": "semver" }, { "lessThanOrEqual": "4.2.15", "status": "affected", "version": "4.2.0", "versionType": "semver" }, { "lessThanOrEqual": "4.1.18", "status": "affected", "version": "4.1.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Louka Jacques-Chevallier" }, { "lang": "en", "type": "finder", "value": "Arthur Deloffre" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "SPIP before 4.3.2, 4.2.16, and \n4.1.18 is vulnerable to a command injection issue. A \nremote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.\u003cbr\u003e" } ], "value": "SPIP before 4.3.2, 4.2.16, and \n4.1.18 is vulnerable to a command injection issue. 
A \nremote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request." } ], "impacts": [ { "capecId": "CAPEC-88", "descriptions": [ { "lang": "en", "value": "CAPEC-88 OS Command Injection" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-646", "description": "CWE-646: Reliance on File Name or Extension of Externally-Supplied File", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-09T15:49:22.874Z", "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck" }, "references": [ { "tags": [ "exploit", "technical-description" ], "url": "https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_2_a_big_upload/" }, { "tags": [ "vendor-advisory" ], "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-2-SPIP-4-2-16-SPIP-4-1-18.html" }, { "tags": [ "third-party-advisory" ], "url": "https://vulncheck.com/advisories/spip-upload-rce" }, { "tags": [ "exploit", "technical-description" ], "url": "https://vozec.fr/researchs/spip-preauth-rce-2024-big-upload/" } ], "source": { "discovery": "UNKNOWN" }, "title": "SPIP Bigup Multipart File Upload OS Command Injection", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "assignerShortName": "VulnCheck", "cveId": "CVE-2024-8517", "datePublished": "2024-09-06T15:55:35.349Z", "dateReserved": "2024-09-06T14:37:41.755Z", "dateUpdated": 
"2024-09-09T15:49:22.874Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-28961
Vulnerability from cvelistv5
Published
2022-05-19 20:26
Modified
2024-08-03 06:10
Summary
Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters.
References
URL | Tags
---|---
https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/ | x_refsource_MISC
https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html | x_refsource_MISC
https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/ | x_refsource_MISC
https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4 | x_refsource_MISC
https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf | x_refsource_MISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:10:57.557Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-19T20:26:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-28961", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/", "refsource": "MISC", "url": "https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/" }, { "name": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html", "refsource": "MISC", "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html" }, { "name": "https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/", "refsource": "MISC", "url": "https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/" }, { "name": "https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4", "refsource": "MISC", "url": "https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4" }, { "name": "https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf", "refsource": "MISC", "url": "https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-28961", "datePublished": "2022-05-19T20:26:16", "dateReserved": "2022-04-11T00:00:00", "dateUpdated": "2024-08-03T06:10:57.557Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-0626
Vulnerability from cvelistv5
Published
2006-02-09 18:00
Modified
2024-08-07 16:41
Summary
SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and earlier allows remote attackers to execute arbitrary SQL commands via the file parameter.
References
URL | Tags
---|---
http://www.securityfocus.com/bid/16551 | vdb-entry, x_refsource_BID
http://www.osvdb.org/23087 | vdb-entry, x_refsource_OSVDB
http://www.vupen.com/english/advisories/2006/0483 | vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/18676 | third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1015602 | vdb-entry, x_refsource_SECTRACK
http://retrogod.altervista.org/spip_182g_shell_inj_xpl.html | x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/24599 | vdb-entry, x_refsource_XF
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:41:28.992Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "16551", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16551" }, { "name": "23087", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/23087" }, { "name": "ADV-2006-0483", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0483" }, { "name": "18676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18676" }, { "name": "1015602", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015602" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://retrogod.altervista.org/spip_182g_shell_inj_xpl.html" }, { "name": "spip-access-doc-sql-injection(24599)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24599" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-02-08T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and earlier allows remote attackers to execute arbitrary SQL commands via the file parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "16551", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16551" }, { "name": "23087", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/23087" }, { "name": "ADV-2006-0483", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0483" }, { "name": "18676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18676" }, { "name": "1015602", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015602" }, { "tags": [ "x_refsource_MISC" ], "url": "http://retrogod.altervista.org/spip_182g_shell_inj_xpl.html" }, { "name": "spip-access-doc-sql-injection(24599)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24599" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0626", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and earlier allows remote attackers to execute arbitrary SQL commands via the file parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "16551", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16551" }, { "name": "23087", "refsource": "OSVDB", "url": "http://www.osvdb.org/23087" }, { "name": "ADV-2006-0483", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0483" }, { "name": "18676", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18676" }, { "name": "1015602", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015602" }, { "name": "http://retrogod.altervista.org/spip_182g_shell_inj_xpl.html", "refsource": "MISC", "url": "http://retrogod.altervista.org/spip_182g_shell_inj_xpl.html" }, { "name": "spip-access-doc-sql-injection(24599)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24599" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0626", "datePublished": "2006-02-09T18:00:00", "dateReserved": "2006-02-09T00:00:00", "dateUpdated": "2024-08-07T16:41:28.992Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-9736
Vulnerability from cvelistv5
Published
2017-06-17 16:00
Modified
2024-08-05 17:18
Summary
SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote attacker to cause remote code execution.
References
URL | Tags
---|---
http://www.debian.org/security/2017/dsa-3890 | vendor-advisory, x_refsource_DEBIAN
https://core.spip.net/projects/spip/repository/revisions/23593 | x_refsource_CONFIRM
https://contrib.spip.net/CRITICAL-security-update-SPIP-3-1-6-and-SPIP-3-2-Beta | x_refsource_CONFIRM
https://core.spip.net/projects/spip/repository/revisions/23594 | x_refsource_CONFIRM
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:18:01.323Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-3890", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3890" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23593" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://contrib.spip.net/CRITICAL-security-update-SPIP-3-1-6-and-SPIP-3-2-Beta" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23594" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-06-17T00:00:00", "descriptions": [ { "lang": "en", "value": "SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote attacker to cause remote code execution." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-03T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-3890", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3890" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23593" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://contrib.spip.net/CRITICAL-security-update-SPIP-3-1-6-and-SPIP-3-2-Beta" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23594" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9736", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote attacker to cause remote code execution." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-3890", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3890" }, { "name": "https://core.spip.net/projects/spip/repository/revisions/23593", "refsource": "CONFIRM", "url": "https://core.spip.net/projects/spip/repository/revisions/23593" }, { "name": "https://contrib.spip.net/CRITICAL-security-update-SPIP-3-1-6-and-SPIP-3-2-Beta", "refsource": "CONFIRM", "url": "https://contrib.spip.net/CRITICAL-security-update-SPIP-3-1-6-and-SPIP-3-2-Beta" }, { "name": "https://core.spip.net/projects/spip/repository/revisions/23594", "refsource": "CONFIRM", "url": "https://core.spip.net/projects/spip/repository/revisions/23594" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9736", "datePublished": "2017-06-17T16:00:00", "dateReserved": "2017-06-17T00:00:00", "dateUpdated": "2024-08-05T17:18:01.323Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-16393
Vulnerability from cvelistv5
Published
2019-09-17 20:48
Modified
2024-08-05 01:17
Summary
SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character.
References
URL | Tags |
---|---|
https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html | x_refsource_MISC |
https://core.spip.net/issues/4362 | x_refsource_MISC |
https://git.spip.net/SPIP/spip/commit/0b832408b0aabd5b94a81e261e9413c0f31a19f1 | x_refsource_MISC |
https://seclists.org/bugtraq/2019/Sep/40 | mailing-list, x_refsource_BUGTRAQ |
https://www.debian.org/security/2019/dsa-4532 | vendor-advisory, x_refsource_DEBIAN |
https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html | mailing-list, x_refsource_MLIST |
https://usn.ubuntu.com/4536-1/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:17:39.423Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://core.spip.net/issues/4362" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.spip.net/SPIP/spip/commit/0b832408b0aabd5b94a81e261e9413c0f31a19f1" }, { "name": "20190925 [SECURITY] [DSA 4532-1] spip security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Sep/40" }, { "name": "DSA-4532", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4532" }, { "name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html" }, { "name": "USN-4536-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4536-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-28T17:06:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://core.spip.net/issues/4362" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.spip.net/SPIP/spip/commit/0b832408b0aabd5b94a81e261e9413c0f31a19f1" }, { "name": "20190925 [SECURITY] [DSA 4532-1] spip security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Sep/40" }, { "name": "DSA-4532", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4532" }, { "name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html" }, { "name": "USN-4536-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4536-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-16393", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html", "refsource": "MISC", "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html" }, { "name": "https://core.spip.net/issues/4362", "refsource": "MISC", "url": "https://core.spip.net/issues/4362" }, { "name": "https://git.spip.net/SPIP/spip/commit/0b832408b0aabd5b94a81e261e9413c0f31a19f1", "refsource": "MISC", "url": "https://git.spip.net/SPIP/spip/commit/0b832408b0aabd5b94a81e261e9413c0f31a19f1" }, { "name": "20190925 [SECURITY] [DSA 4532-1] spip security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Sep/40" }, { "name": "DSA-4532", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4532" }, { "name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html" }, { "name": "USN-4536-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4536-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-16393", "datePublished": "2019-09-17T20:48:04", "dateReserved": "2019-09-17T00:00:00", "dateUpdated": "2024-08-05T01:17:39.423Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-52322
Vulnerability from cvelistv5
Published
2024-01-04 00:00
Modified
2024-08-02 22:55
Summary
ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:55:41.698Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.spip.net/spip/spip/commit/e90f5344b8c82711053053e778d38a35e42b7bcb" }, { "tags": [ "x_transferred" ], "url": "https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-2-7-SPIP-4-1-13.html?lang=fr" }, { "name": "[debian-lts-announce] 20240315 [SECURITY] [DLA 3761-1] spip security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00014.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-15T16:05:59.341541", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://git.spip.net/spip/spip/commit/e90f5344b8c82711053053e778d38a35e42b7bcb" }, { "url": "https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-2-7-SPIP-4-1-13.html?lang=fr" }, { "name": "[debian-lts-announce] 20240315 [SECURITY] [DLA 3761-1] spip security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00014.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-52322", "datePublished": "2024-01-04T00:00:00", "dateReserved": "2024-01-04T00:00:00", "dateUpdated": "2024-08-02T22:55:41.698Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-9997
Vulnerability from cvelistv5
Published
2016-12-17 03:34
Modified
2024-08-06 03:07
Summary
SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL.
References
URL | Tags |
---|---|
http://www.securityfocus.com/bid/95008 | vdb-entry, x_refsource_BID |
https://core.spip.net/projects/spip/repository/revisions/23288 | x_refsource_CONFIRM |
http://www.securitytracker.com/id/1037486 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:07:31.791Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "95008", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95008" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23288" }, { "name": "1037486", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037486" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-16T00:00:00", "descriptions": [ { "lang": "en", "value": "SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-26T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "95008", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95008" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23288" }, { "name": "1037486", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037486" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-9997", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "95008", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95008" }, { "name": "https://core.spip.net/projects/spip/repository/revisions/23288", "refsource": "CONFIRM", "url": "https://core.spip.net/projects/spip/repository/revisions/23288" }, { "name": "1037486", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037486" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-9997", "datePublished": "2016-12-17T03:34:00", "dateReserved": "2016-12-16T00:00:00", "dateUpdated": "2024-08-06T03:07:31.791Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-9152
Vulnerability from cvelistv5
Published
2016-12-05 18:00
Modified
2024-08-06 02:42
Summary
Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter.
References
URL | Tags |
---|---|
http://www.securityfocus.com/bid/94658 | vdb-entry, x_refsource_BID |
http://www.securitytracker.com/id/1037392 | vdb-entry, x_refsource_SECTRACK |
https://core.spip.net/projects/spip/repository/revisions/23290 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:42:11.120Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94658", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94658" }, { "name": "1037392", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037392" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23290" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-27T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "94658", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94658" }, { "name": "1037392", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037392" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23290" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-9152", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { 
"description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "94658", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94658" }, { "name": "1037392", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037392" }, { "name": "https://core.spip.net/projects/spip/repository/revisions/23290", "refsource": "CONFIRM", "url": "https://core.spip.net/projects/spip/repository/revisions/23290" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-9152", "datePublished": "2016-12-05T18:00:00", "dateReserved": "2016-11-03T00:00:00", "dateUpdated": "2024-08-06T02:42:11.120Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-3153
Vulnerability from cvelistv5
Published
2016-04-08 14:00
Modified
2024-08-05 23:47
Summary
SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function.
References
URL | Tags |
---|---|
https://core.spip.net/projects/spip/repository/revisions/22911 | x_refsource_CONFIRM |
https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-1-SPIP-3-0-22-et-SPIP-2-1.html?lang=fr | x_refsource_CONFIRM |
http://www.debian.org/security/2016/dsa-3518 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:47:57.383Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://core.spip.net/projects/spip/repository/revisions/22911" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-1-SPIP-3-0-22-et-SPIP-2-1.html?lang=fr" }, { "name": "DSA-3518", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3518" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-03-10T00:00:00", "descriptions": [ { "lang": "en", "value": "SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-04-08T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://core.spip.net/projects/spip/repository/revisions/22911" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-1-SPIP-3-0-22-et-SPIP-2-1.html?lang=fr" }, { "name": "DSA-3518", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3518" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-3153", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://core.spip.net/projects/spip/repository/revisions/22911", "refsource": "CONFIRM", "url": "https://core.spip.net/projects/spip/repository/revisions/22911" }, { "name": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-1-SPIP-3-0-22-et-SPIP-2-1.html?lang=fr", "refsource": "CONFIRM", "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-1-SPIP-3-0-22-et-SPIP-2-1.html?lang=fr" }, { "name": "DSA-3518", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3518" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-3153", "datePublished": "2016-04-08T14:00:00", "dateReserved": "2016-03-15T00:00:00", "dateUpdated": "2024-08-05T23:47:57.383Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-2118
Vulnerability from cvelistv5
Published
2013-07-09 17:00
Modified
2024-09-16 23:05
Summary
SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and "take editorial control" via vectors related to ecrire/inc/filtres.php.
References
URL | Tags |
---|---|
http://contrib.spip.net/SPIP-3-0-9-2-1-22-2-0-23-corrections-de-bug-et-faille?lang=fr | x_refsource_CONFIRM |
http://core.spip.org/projects/spip/repository/revisions/20541 | x_refsource_MISC |
http://www.openwall.com/lists/oss-security/2013/05/27/2 | mailing-list, x_refsource_MLIST |
http://www.debian.org/security/2013/dsa-2694 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:27:40.940Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://contrib.spip.net/SPIP-3-0-9-2-1-22-2-0-23-corrections-de-bug-et-faille?lang=fr" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://core.spip.org/projects/spip/repository/revisions/20541" }, { "name": "[oss-security] 20130527 Re: CVE Request: SPIP privilege escalation", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/05/27/2" }, { "name": "DSA-2694", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2694" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and \"take editorial control\" via vectors related to ecrire/inc/filtres.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-07-09T17:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://contrib.spip.net/SPIP-3-0-9-2-1-22-2-0-23-corrections-de-bug-et-faille?lang=fr" }, { "tags": [ "x_refsource_MISC" ], "url": "http://core.spip.org/projects/spip/repository/revisions/20541" }, { "name": "[oss-security] 20130527 Re: CVE Request: SPIP privilege escalation", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/05/27/2" }, { "name": "DSA-2694", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2694" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-2118", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and \"take editorial control\" via vectors related to ecrire/inc/filtres.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://contrib.spip.net/SPIP-3-0-9-2-1-22-2-0-23-corrections-de-bug-et-faille?lang=fr", "refsource": "CONFIRM", "url": "http://contrib.spip.net/SPIP-3-0-9-2-1-22-2-0-23-corrections-de-bug-et-faille?lang=fr" }, { "name": "http://core.spip.org/projects/spip/repository/revisions/20541", "refsource": "MISC", "url": "http://core.spip.org/projects/spip/repository/revisions/20541" }, { "name": "[oss-security] 20130527 Re: CVE Request: SPIP privilege escalation", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/05/27/2" }, { "name": "DSA-2694", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2694" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-2118", "datePublished": "2013-07-09T17:00:00Z", "dateReserved": "2013-02-19T00:00:00Z", "dateUpdated": "2024-09-16T23:05:53.094Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-9998
Vulnerability from cvelistv5
Published
2016-12-17 03:34
Modified
2024-08-06 03:07
Summary
SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL.
References
URL | Tags |
---|---|
http://www.securityfocus.com/bid/95008 | vdb-entry, x_refsource_BID |
https://core.spip.net/projects/spip/repository/revisions/23288 | x_refsource_CONFIRM |
http://www.securitytracker.com/id/1037486 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:07:32.094Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "95008", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95008" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23288" }, { "name": "1037486", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037486" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-16T00:00:00", "descriptions": [ { "lang": "en", "value": "SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-26T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "95008", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95008" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23288" }, { "name": "1037486", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037486" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-9998", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "95008", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95008" }, { "name": "https://core.spip.net/projects/spip/repository/revisions/23288", "refsource": "CONFIRM", "url": "https://core.spip.net/projects/spip/repository/revisions/23288" }, { "name": "1037486", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037486" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-9998", "datePublished": "2016-12-17T03:34:00", "dateReserved": "2016-12-16T00:00:00", "dateUpdated": "2024-08-06T03:07:32.094Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-23659
Vulnerability from cvelistv5
Published
2024-01-19 00:00
Modified
2024-08-01 23:06
Summary
SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T23:06:25.355Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-2-8-SPIP-4-1-14.html?lang=fr" }, { "tags": [ "x_transferred" ], "url": "https://git.spip.net/spip/bigup/commit/ada821c076d67d1147a195178223d0b4a6d8cecc" }, { "tags": [ "x_transferred" ], "url": "https://git.spip.net/spip/bigup/commit/0757f015717cb72b84dba0e9a375ec71caddf1c2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-19T05:00:11.364603", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-2-8-SPIP-4-1-14.html?lang=fr" }, { "url": "https://git.spip.net/spip/bigup/commit/ada821c076d67d1147a195178223d0b4a6d8cecc" }, { "url": "https://git.spip.net/spip/bigup/commit/0757f015717cb72b84dba0e9a375ec71caddf1c2" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-23659", "datePublished": "2024-01-19T00:00:00", "dateReserved": "2024-01-19T00:00:00", "dateUpdated": "2024-08-01T23:06:25.355Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44118
Vulnerability from cvelistv5
Published
2022-01-26 11:07
Modified
2024-08-04 04:10
Summary
SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users (stored XSS).
References
URL | Tags |
---|---|
https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a | x_refsource_MISC |
https://git.spip.net/spip/spip/commit/4ccf90a6912d7fab97e1bd5619770c9236cc7357 | x_refsource_MISC |
https://git.spip.net/spip/medias/commit/13c293fabd35e2c152379522c29432423936cbba | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:10:17.263Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.spip.net/spip/spip/commit/4ccf90a6912d7fab97e1bd5619770c9236cc7357" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.spip.net/spip/medias/commit/13c293fabd35e2c152379522c29432423936cbba" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users (stored XSS)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-26T11:07:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.spip.net/spip/spip/commit/4ccf90a6912d7fab97e1bd5619770c9236cc7357" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.spip.net/spip/medias/commit/13c293fabd35e2c152379522c29432423936cbba" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-44118", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users (stored XSS)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a", "refsource": "MISC", "url": "https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a" }, { "name": "https://git.spip.net/spip/spip/commit/4ccf90a6912d7fab97e1bd5619770c9236cc7357", "refsource": "MISC", "url": "https://git.spip.net/spip/spip/commit/4ccf90a6912d7fab97e1bd5619770c9236cc7357" }, { "name": "https://git.spip.net/spip/medias/commit/13c293fabd35e2c152379522c29432423936cbba", "refsource": "MISC", "url": "https://git.spip.net/spip/medias/commit/13c293fabd35e2c152379522c29432423936cbba" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-44118", "datePublished": "2022-01-26T11:07:57", "dateReserved": "2021-11-22T00:00:00", "dateUpdated": "2024-08-04T04:10:17.263Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-28960
Vulnerability from cvelistv5
Published
2022-05-19 20:26
Modified
2024-08-03 06:10
Summary
A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire.
References
URL | Tags |
---|---|
https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/ | x_refsource_MISC |
https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html | x_refsource_MISC |
https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/ | x_refsource_MISC |
https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4 | x_refsource_MISC |
https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:10:57.652Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-19T20:26:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-28960", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/", "refsource": "MISC", "url": "https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/" }, { "name": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html", "refsource": "MISC", "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html" }, { "name": "https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/", "refsource": "MISC", "url": "https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/" }, { "name": "https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4", "refsource": "MISC", "url": "https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4" }, { "name": "https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf", "refsource": "MISC", "url": "https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-28960", "datePublished": "2022-05-19T20:26:14", "dateReserved": "2022-04-11T00:00:00", "dateUpdated": "2024-08-03T06:10:57.652Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-1295
Vulnerability from cvelistv5
Published
2006-03-19 23:00
Modified
2024-08-07 17:03
Summary
Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote attackers to inject arbitrary web script or HTML via the recherche parameter.
References
URL | Tags |
---|---|
http://www.zone-h.fr/advisories/read/id=1105 | x_refsource_MISC |
http://www.securityfocus.com/bid/17130 | vdb-entry, x_refsource_BID |
http://www.silitix.com/spip-xss.html | x_refsource_MISC |
https://exchange.xforce.ibmcloud.com/vulnerabilities/25389 | vdb-entry, x_refsource_XF |
http://zone.spip.org/trac/spip-zone/changeset/1672 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:03:29.058Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zone-h.fr/advisories/read/id=1105" }, { "name": "17130", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17130" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.silitix.com/spip-xss.html" }, { "name": "spip-research-xss(25389)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25389" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://zone.spip.org/trac/spip-zone/changeset/1672" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-01-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote attackers to inject arbitrary web script or HTML via the recherche parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.zone-h.fr/advisories/read/id=1105" }, { "name": "17130", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17130" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.silitix.com/spip-xss.html" }, { "name": "spip-research-xss(25389)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25389" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://zone.spip.org/trac/spip-zone/changeset/1672" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1295", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote attackers to inject arbitrary web script or HTML via the recherche parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.zone-h.fr/advisories/read/id=1105", "refsource": "MISC", "url": "http://www.zone-h.fr/advisories/read/id=1105" }, { "name": "17130", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17130" }, { "name": "http://www.silitix.com/spip-xss.html", "refsource": "MISC", "url": "http://www.silitix.com/spip-xss.html" }, { "name": "spip-research-xss(25389)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25389" }, { "name": "http://zone.spip.org/trac/spip-zone/changeset/1672", "refsource": "CONFIRM", "url": "http://zone.spip.org/trac/spip-zone/changeset/1672" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1295", "datePublished": "2006-03-19T23:00:00", "dateReserved": "2006-03-19T00:00:00", "dateUpdated": "2024-08-07T17:03:29.058Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-11071
Vulnerability from cvelistv5
Published
2019-04-10 20:36
Modified
2024-08-04 22:40
Summary
SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled.
References
URL | Tags |
---|---|
https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-10-et-SPIP-3-2-4.html | x_refsource_MISC |
https://github.com/spip/SPIP/commit/3ef87c525bc0768c926646f999a54222b37b5d36 | x_refsource_MISC |
https://github.com/spip/SPIP/commit/824d17f424bf77d17af89c18c3dc807a3199567e | x_refsource_MISC |
https://github.com/spip/SPIP/compare/1e3872c...9861a47 | x_refsource_MISC |
https://www.debian.org/security/2019/dsa-4429 | vendor-advisory, x_refsource_DEBIAN |
https://usn.ubuntu.com/4536-1/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T22:40:16.288Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-10-et-SPIP-3-2-4.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/spip/SPIP/commit/3ef87c525bc0768c926646f999a54222b37b5d36" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/spip/SPIP/commit/824d17f424bf77d17af89c18c3dc807a3199567e" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/spip/SPIP/compare/1e3872c...9861a47" }, { "name": "DSA-4429", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4429" }, { "name": "USN-4536-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4536-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-28T17:06:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-10-et-SPIP-3-2-4.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/spip/SPIP/commit/3ef87c525bc0768c926646f999a54222b37b5d36" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/spip/SPIP/commit/824d17f424bf77d17af89c18c3dc807a3199567e" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/spip/SPIP/compare/1e3872c...9861a47" }, { "name": "DSA-4429", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4429" }, { "name": "USN-4536-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4536-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-11071", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-10-et-SPIP-3-2-4.html", "refsource": "MISC", "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-10-et-SPIP-3-2-4.html" }, { "name": "https://github.com/spip/SPIP/commit/3ef87c525bc0768c926646f999a54222b37b5d36", "refsource": "MISC", "url": "https://github.com/spip/SPIP/commit/3ef87c525bc0768c926646f999a54222b37b5d36" }, { "name": "https://github.com/spip/SPIP/commit/824d17f424bf77d17af89c18c3dc807a3199567e", "refsource": "MISC", "url": "https://github.com/spip/SPIP/commit/824d17f424bf77d17af89c18c3dc807a3199567e" }, { "name": "https://github.com/spip/SPIP/compare/1e3872c...9861a47", "refsource": "MISC", "url": "https://github.com/spip/SPIP/compare/1e3872c...9861a47" }, { "name": "DSA-4429", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4429" }, { "name": "USN-4536-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4536-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-11071", "datePublished": "2019-04-10T20:36:43", "dateReserved": "2019-04-10T00:00:00", "dateUpdated": "2024-08-04T22:40:16.288Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-4525
Vulnerability from cvelistv5
Published
2007-08-25 00:00
Modified
2024-08-07 15:01
Summary
PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelette_cache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party researchers, stating that the squelette_cache variable is initialized before use, and is only used within the scope of a function.
References
URL | Tags |
---|---|
http://www.securityfocus.com/bid/25416 | vdb-entry, x_refsource_BID |
http://securityreason.com/securityalert/3056 | third-party-advisory, x_refsource_SREASON |
http://www.securityfocus.com/archive/1/477423/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
http://www.securityfocus.com/archive/1/477728/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
https://exchange.xforce.ibmcloud.com/vulnerabilities/36218 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:01:09.505Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "25416", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25416" }, { "name": "3056", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3056" }, { "name": "20070823 SPIP v1.7 Remote File Inclusion Bug", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/477423/100/0/threaded" }, { "name": "20070824 Re: SPIP v1.7 Remote File Inclusion Bug", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/477728/100/0/threaded" }, { "name": "spip-inccalcul-file-include(36218)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36218" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-08-23T00:00:00", "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelette_cache parameter, a different vector than CVE-2006-1702. 
NOTE: this issue has been disputed by third party researchers, stating that the squelette_cache variable is initialized before use, and is only used within the scope of a function" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "25416", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25416" }, { "name": "3056", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3056" }, { "name": "20070823 SPIP v1.7 Remote File Inclusion Bug", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/477423/100/0/threaded" }, { "name": "20070824 Re: SPIP v1.7 Remote File Inclusion Bug", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/477728/100/0/threaded" }, { "name": "spip-inccalcul-file-include(36218)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36218" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4525", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelette_cache parameter, a different vector than CVE-2006-1702. 
NOTE: this issue has been disputed by third party researchers, stating that the squelette_cache variable is initialized before use, and is only used within the scope of a function." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "25416", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25416" }, { "name": "3056", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3056" }, { "name": "20070823 SPIP v1.7 Remote File Inclusion Bug", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/477423/100/0/threaded" }, { "name": "20070824 Re: SPIP v1.7 Remote File Inclusion Bug", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/477728/100/0/threaded" }, { "name": "spip-inccalcul-file-include(36218)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36218" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4525", "datePublished": "2007-08-25T00:00:00", "dateReserved": "2007-08-24T00:00:00", "dateUpdated": "2024-08-07T15:01:09.505Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-4555
Vulnerability from cvelistv5
Published
2013-11-15 18:16
Modified
2024-08-06 16:45
Summary
Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that logout the user via unspecified vectors.
References
URL | Tags |
---|---|
https://www.debian.org/security/2013/dsa-2794 | vendor-advisory, x_refsource_DEBIAN |
http://www.spip.net/fr_article5646.html | x_refsource_CONFIRM |
http://www.securitytracker.com/id/1029317 | vdb-entry, x_refsource_SECTRACK |
http://core.spip.org/projects/spip/repository/revisions/20874 | x_refsource_CONFIRM |
http://www.openwall.com/lists/oss-security/2013/11/10/4 | mailing-list, x_refsource_MLIST |
http://secunia.com/advisories/55551 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:45:14.815Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-2794", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2013/dsa-2794" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.spip.net/fr_article5646.html" }, { "name": "1029317", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029317" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://core.spip.org/projects/spip/repository/revisions/20874" }, { "name": "[oss-security] 20131110 Re: CVE Request: multiple vulnerabilities in spip", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/11/10/4" }, { "name": "55551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55551" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-11-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that logout the user via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-06T13:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "DSA-2794", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2013/dsa-2794" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.spip.net/fr_article5646.html" }, { "name": "1029317", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029317" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://core.spip.org/projects/spip/repository/revisions/20874" }, { "name": "[oss-security] 20131110 Re: CVE Request: multiple vulnerabilities in spip", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/11/10/4" }, { "name": "55551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55551" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4555", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that logout the user via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-2794", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2013/dsa-2794" }, { "name": "http://www.spip.net/fr_article5646.html", "refsource": "CONFIRM", "url": "http://www.spip.net/fr_article5646.html" }, { "name": "1029317", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029317" }, { "name": "http://core.spip.org/projects/spip/repository/revisions/20874", "refsource": "CONFIRM", "url": "http://core.spip.org/projects/spip/repository/revisions/20874" }, { "name": "[oss-security] 20131110 Re: CVE Request: multiple vulnerabilities in spip", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/11/10/4" }, { "name": "55551", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55551" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4555", "datePublished": "2013-11-15T18:16:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:45:14.815Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-19830
Vulnerability from cvelistv5
Published
2019-12-17 04:33
Modified
2024-08-05 02:25
Summary
_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database.
References
URL | Tags |
---|---|
https://www.debian.org/security/2019/dsa-4583 | vendor-advisory, x_refsource_DEBIAN |
https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-sortie-de-SPIP-3-2-7-SPIP-3-1-12.html | x_refsource_MISC |
https://zone.spip.net/trac/spip-zone/changeset/118898/spip-zone/_core_/plugins/medias | x_refsource_MISC |
https://git.spip.net/SPIP/spip/commit/8eb11ba132b92696eb34d606d71aa8edf40e0f69 | x_refsource_MISC |
https://usn.ubuntu.com/4536-1/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:25:12.702Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4583", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4583" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-sortie-de-SPIP-3-2-7-SPIP-3-1-12.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://zone.spip.net/trac/spip-zone/changeset/118898/spip-zone/_core_/plugins/medias" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.spip.net/SPIP/spip/commit/8eb11ba132b92696eb34d606d71aa8edf40e0f69" }, { "name": "USN-4536-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4536-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-28T17:06:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-4583", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4583" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-sortie-de-SPIP-3-2-7-SPIP-3-1-12.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://zone.spip.net/trac/spip-zone/changeset/118898/spip-zone/_core_/plugins/medias" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.spip.net/SPIP/spip/commit/8eb11ba132b92696eb34d606d71aa8edf40e0f69" }, { "name": "USN-4536-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4536-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-19830", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4583", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4583" }, { "name": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-sortie-de-SPIP-3-2-7-SPIP-3-1-12.html", "refsource": "MISC", "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-sortie-de-SPIP-3-2-7-SPIP-3-1-12.html" }, { "name": "https://zone.spip.net/trac/spip-zone/changeset/118898/spip-zone/_core_/plugins/medias", "refsource": "MISC", "url": "https://zone.spip.net/trac/spip-zone/changeset/118898/spip-zone/_core_/plugins/medias" }, { "name": "https://git.spip.net/SPIP/spip/commit/8eb11ba132b92696eb34d606d71aa8edf40e0f69", "refsource": "MISC", "url": "https://git.spip.net/SPIP/spip/commit/8eb11ba132b92696eb34d606d71aa8edf40e0f69" }, { "name": "USN-4536-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4536-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-19830", "datePublished": "2019-12-17T04:33:32", "dateReserved": "2019-12-17T00:00:00", "dateUpdated": "2024-08-05T02:25:12.702Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-1702
Vulnerability from cvelistv5
Published
2006-04-11 10:00
Modified
2024-08-07 17:19
Summary
PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/17423 | vdb-entry, x_refsource_BID |
| http://www.securityfocus.com/archive/1/430443/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/25711 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:19:49.504Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "17423", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17423" }, { "name": "20060409 Vulnerabilities in SPIP", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/430443/100/0/threaded" }, { "name": "spip-spiplogin-file-include(25711)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25711" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-04-09T00:00:00", "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "17423", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17423" }, { "name": "20060409 Vulnerabilities in SPIP", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/430443/100/0/threaded" }, { "name": "spip-spiplogin-file-include(25711)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25711" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1702", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "17423", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17423" }, { "name": "20060409 Vulnerabilities in SPIP", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/430443/100/0/threaded" }, { "name": "spip-spiplogin-file-include(25711)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25711" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1702", "datePublished": "2006-04-11T10:00:00", "dateReserved": "2006-04-10T00:00:00", "dateUpdated": "2024-08-07T17:19:49.504Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27372
Vulnerability from cvelistv5
Published
2023-02-28 00:00
Modified
2024-08-02 12:09
Summary
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:09:43.355Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-2-1-SPIP-4-1-8-SPIP-4-0-10-et.html" }, { "tags": [ "x_transferred" ], "url": "https://git.spip.net/spip/spip/commit/5aedf49b89415a4df3eb775eee3801a2b4b88266" }, { "tags": [ "x_transferred" ], "url": "https://git.spip.net/spip/spip/commit/96fbeb38711c6706e62457f2b732a652a04a409d" }, { "name": "DSA-5367", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5367" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/171921/SPIP-Remote-Command-Execution.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/173044/SPIP-4.2.1-Remote-Code-Execution.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-21T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-2-1-SPIP-4-1-8-SPIP-4-0-10-et.html" }, { "url": "https://git.spip.net/spip/spip/commit/5aedf49b89415a4df3eb775eee3801a2b4b88266" }, { "url": "https://git.spip.net/spip/spip/commit/96fbeb38711c6706e62457f2b732a652a04a409d" }, { "name": "DSA-5367", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5367" }, { "url": "http://packetstormsecurity.com/files/171921/SPIP-Remote-Command-Execution.html" }, { "url": "http://packetstormsecurity.com/files/173044/SPIP-4.2.1-Remote-Code-Execution.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-27372", "datePublished": "2023-02-28T00:00:00", "dateReserved": "2023-02-28T00:00:00", "dateUpdated": "2024-08-02T12:09:43.355Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-0625
Vulnerability from cvelistv5
Published
2006-02-09 18:00
Modified
2024-08-07 16:41
Summary
Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file parameter to spip_acces_doc.php3.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/16556 | vdb-entry, x_refsource_BID |
| http://www.vupen.com/english/advisories/2006/0483 | vdb-entry, x_refsource_VUPEN |
| http://www.osvdb.org/23086 | vdb-entry, x_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24600 | vdb-entry, x_refsource_XF |
| http://secunia.com/advisories/18676 | third-party-advisory, x_refsource_SECUNIA |
| http://securitytracker.com/id?1015602 | vdb-entry, x_refsource_SECTRACK |
| http://retrogod.altervista.org/spip_182g_shell_inj_xpl.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:41:29.137Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "16556", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16556" }, { "name": "ADV-2006-0483", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0483" }, { "name": "23086", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/23086" }, { "name": "spip-rss-file-include(24600)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24600" }, { "name": "18676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18676" }, { "name": "1015602", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015602" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://retrogod.altervista.org/spip_182g_shell_inj_xpl.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-02-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via \"..\" sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file parameter to spip_acces_doc.php3." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "16556", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16556" }, { "name": "ADV-2006-0483", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0483" }, { "name": "23086", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/23086" }, { "name": "spip-rss-file-include(24600)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24600" }, { "name": "18676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18676" }, { "name": "1015602", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015602" }, { "tags": [ "x_refsource_MISC" ], "url": "http://retrogod.altervista.org/spip_182g_shell_inj_xpl.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0625", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via \"..\" sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file parameter to spip_acces_doc.php3." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "16556", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16556" }, { "name": "ADV-2006-0483", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0483" }, { "name": "23086", "refsource": "OSVDB", "url": "http://www.osvdb.org/23086" }, { "name": "spip-rss-file-include(24600)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24600" }, { "name": "18676", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18676" }, { "name": "1015602", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015602" }, { "name": "http://retrogod.altervista.org/spip_182g_shell_inj_xpl.html", "refsource": "MISC", "url": "http://retrogod.altervista.org/spip_182g_shell_inj_xpl.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0625", "datePublished": "2006-02-09T18:00:00", "dateReserved": "2006-02-09T00:00:00", "dateUpdated": "2024-08-07T16:41:29.137Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-5813
Vulnerability from cvelistv5
Published
2009-01-02 18:00
Modified
2024-08-07 11:04
Summary
SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information.
References
| URL | Tags |
|---|---|
| http://secunia.com/advisories/33307 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/47626 | vdb-entry, x_refsource_XF |
| http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/47695 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/33021 | vdb-entry, x_refsource_BID |
| http://www.securityfocus.com/bid/33061 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:04:44.586Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "33307", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33307" }, { "name": "spip-rubriques-sql-injection(47626)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47626" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2" }, { "name": "spip-multiple-unspecified(47695)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47695" }, { "name": "33021", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/33021" }, { "name": "33061", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/33061" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-12-24T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "33307", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33307" }, { "name": "spip-rubriques-sql-injection(47626)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47626" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2" }, { "name": "spip-multiple-unspecified(47695)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47695" }, { "name": "33021", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/33021" }, { "name": "33061", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/33061" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5813", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "33307", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33307" }, { "name": "spip-rubriques-sql-injection(47626)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47626" }, { "name": "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2", "refsource": "CONFIRM", "url": "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2" }, { "name": "spip-multiple-unspecified(47695)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47695" }, { "name": "33021", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33021" }, { "name": "33061", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33061" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5813", "datePublished": "2009-01-02T18:00:00", "dateReserved": "2009-01-02T00:00:00", "dateUpdated": "2024-08-07T11:04:44.586Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-37155
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 10:21
Summary
RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:21:33.208Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://spawnzii.github.io/posts/2022/07/how-we-have-pwned-root-me-in-2022/" }, { "tags": [ "x_transferred" ], "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-1-5-SPIP-4-0-8-et-SPIP-3-2-16.html" }, { "tags": [ "x_transferred" ], "url": "https://pastebin.com/ZH7CPc8X" }, { "tags": [ "x_transferred" ], "url": "https://github.com/Abyss-W4tcher/ab4yss-wr4iteups/blob/ffa980faa9e3598d49d6fb7def4f7a67cfb5f427/SPIP%20-%20Pentest/SPIP%204.1.2/SPIP_4.1.2_AUTH_RCE/SPIP_4.1.2_AUTH_RCE_Abyss_Watcher_12_07_22.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://spawnzii.github.io/posts/2022/07/how-we-have-pwned-root-me-in-2022/" }, { "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-1-5-SPIP-4-0-8-et-SPIP-3-2-16.html" }, { "url": "https://pastebin.com/ZH7CPc8X" }, { "url": "https://github.com/Abyss-W4tcher/ab4yss-wr4iteups/blob/ffa980faa9e3598d49d6fb7def4f7a67cfb5f427/SPIP%20-%20Pentest/SPIP%204.1.2/SPIP_4.1.2_AUTH_RCE/SPIP_4.1.2_AUTH_RCE_Abyss_Watcher_12_07_22.md" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-37155", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-08-01T00:00:00", "dateUpdated": "2024-08-03T10:21:33.208Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-28984
Vulnerability from cvelistv5
Published
2020-11-23 21:48
Modified
2024-08-04 16:48
Summary
prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.
References
| URL | Tags |
|---|---|
| https://git.spip.net/spip/spip/commit/ae4267eba1022dabc12831ddb021c5d6e09040f8 | x_refsource_MISC |
| https://git.spip.net/spip/spip/compare/v3.2.7...v3.2.8 | x_refsource_MISC |
| https://www.debian.org/security/2020/dsa-4798 | vendor-advisory, x_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2020/12/msg00036.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:48:01.703Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.spip.net/spip/spip/commit/ae4267eba1022dabc12831ddb021c5d6e09040f8" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.spip.net/spip/spip/compare/v3.2.7...v3.2.8" }, { "name": "DSA-4798", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4798" }, { "name": "[debian-lts-announce] 20201223 [SECURITY] [DLA 2505-1] spip security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00036.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-23T19:06:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://git.spip.net/spip/spip/commit/ae4267eba1022dabc12831ddb021c5d6e09040f8" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.spip.net/spip/spip/compare/v3.2.7...v3.2.8" }, { "name": "DSA-4798", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4798" }, { "name": "[debian-lts-announce] 20201223 [SECURITY] [DLA 2505-1] spip security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00036.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-28984", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://git.spip.net/spip/spip/commit/ae4267eba1022dabc12831ddb021c5d6e09040f8", "refsource": "MISC", "url": "https://git.spip.net/spip/spip/commit/ae4267eba1022dabc12831ddb021c5d6e09040f8" }, { "name": "https://git.spip.net/spip/spip/compare/v3.2.7...v3.2.8", "refsource": "MISC", "url": "https://git.spip.net/spip/spip/compare/v3.2.7...v3.2.8" }, { "name": "DSA-4798", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4798" }, { "name": "[debian-lts-announce] 20201223 [SECURITY] [DLA 2505-1] spip security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00036.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-28984", "datePublished": "2020-11-23T21:48:53", "dateReserved": "2020-11-23T00:00:00", "dateUpdated": "2024-08-04T16:48:01.703Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44123
Vulnerability from cvelistv5
Published
2022-01-26 11:57
Modified
2024-08-04 04:17
Summary
SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a double extension, upload it and then click on it to execute it.
References
| URL | Tags |
|---|---|
| https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:17:23.464Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a double extension, upload it and then click on it to execute it." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-26T11:57:30", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-44123", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a double extension, upload it and then click on it to execute it." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a", "refsource": "MISC", "url": "https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-44123", "datePublished": "2022-01-26T11:57:30", "dateReserved": "2021-11-22T00:00:00", "dateUpdated": "2024-08-04T04:17:23.464Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-16392
Vulnerability from cvelistv5
Published
2019-09-17 20:48
Modified
2024-08-05 01:17
Summary
SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages.
References
| URL | Tags |
|---|---|
| https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html | x_refsource_MISC |
| https://git.spip.net/SPIP/spip/commit/3c12a82c7d9d4afd09e708748fa82e7836174028 | x_refsource_MISC |
| https://seclists.org/bugtraq/2019/Sep/40 | mailing-list, x_refsource_BUGTRAQ |
| https://www.debian.org/security/2019/dsa-4532 | vendor-advisory, x_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html | mailing-list, x_refsource_MLIST |
| https://usn.ubuntu.com/4536-1/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:17:39.395Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.spip.net/SPIP/spip/commit/3c12a82c7d9d4afd09e708748fa82e7836174028" }, { "name": "20190925 [SECURITY] [DSA 4532-1] spip security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Sep/40" }, { "name": "DSA-4532", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4532" }, { "name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html" }, { "name": "USN-4536-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4536-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-28T17:06:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.spip.net/SPIP/spip/commit/3c12a82c7d9d4afd09e708748fa82e7836174028" }, { "name": "20190925 [SECURITY] [DSA 4532-1] spip security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Sep/40" }, { "name": "DSA-4532", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4532" }, { "name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html" }, { "name": "USN-4536-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4536-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-16392", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html", "refsource": "MISC", "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html" }, { "name": "https://git.spip.net/SPIP/spip/commit/3c12a82c7d9d4afd09e708748fa82e7836174028", "refsource": "MISC", "url": "https://git.spip.net/SPIP/spip/commit/3c12a82c7d9d4afd09e708748fa82e7836174028" }, { "name": "20190925 [SECURITY] [DSA 4532-1] spip security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Sep/40" }, { "name": "DSA-4532", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4532" }, { "name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html" }, { "name": "USN-4536-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4536-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-16392", "datePublished": "2019-09-17T20:48:28", "dateReserved": "2019-09-17T00:00:00", "dateUpdated": "2024-08-05T01:17:39.395Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-7981
Vulnerability from cvelistv5
Published
2017-01-18 17:00
Modified
2024-08-06 02:13
Summary
Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.
References
URL | Tags
---|---
http://www.securityfocus.com/bid/93451 | vdb-entry, x_refsource_BID
http://www.openwall.com/lists/oss-security/2016/10/12/7 | mailing-list, x_refsource_MLIST
https://core.spip.net/projects/spip/repository/revisions/23200 | x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2016/10/06/6 | mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2016/10/05/17 | mailing-list, x_refsource_MLIST
https://core.spip.net/projects/spip/repository/revisions/23202 | x_refsource_CONFIRM
https://core.spip.net/projects/spip/repository/revisions/23201 | x_refsource_CONFIRM
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:13:21.399Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "93451", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93451" }, { "name": "[oss-security] 20161012 CVE-2016-7981: SPIP 3.1.2 Reflected Cross-Site Scripting", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/12/7" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23200" }, { "name": "[oss-security] 20161006 Re: SPIP vulnerabilities: request for 5 CVE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/06/6" }, { "name": "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23202" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-10-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-19T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "93451", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93451" }, { "name": "[oss-security] 20161012 CVE-2016-7981: SPIP 3.1.2 Reflected Cross-Site Scripting", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/12/7" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23200" }, { "name": "[oss-security] 20161006 Re: SPIP vulnerabilities: request for 5 CVE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/06/6" }, { "name": "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23202" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7981", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "93451", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93451" }, { "name": "[oss-security] 20161012 CVE-2016-7981: SPIP 3.1.2 Reflected Cross-Site Scripting", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/10/12/7" }, { "name": "https://core.spip.net/projects/spip/repository/revisions/23200", "refsource": "CONFIRM", "url": "https://core.spip.net/projects/spip/repository/revisions/23200" }, { "name": "[oss-security] 20161006 Re: SPIP vulnerabilities: request for 5 CVE", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/10/06/6" }, { "name": "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17" }, { "name": "https://core.spip.net/projects/spip/repository/revisions/23202", "refsource": "CONFIRM", "url": "https://core.spip.net/projects/spip/repository/revisions/23202" }, { "name": "https://core.spip.net/projects/spip/repository/revisions/23201", "refsource": "CONFIRM", "url": "https://core.spip.net/projects/spip/repository/revisions/23201" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7981", "datePublished": "2017-01-18T17:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-06T02:13:21.399Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-24258
Vulnerability from cvelistv5
Published
2023-02-27 00:00
Modified
2024-08-02 10:56
Summary
SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:56:02.623Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/Abyss-W4tcher/ab4yss-wr4iteups/blob/ffa980faa9e3598d49d6fb7def4f7a67cfb5f427/SPIP%20-%20Pentest/SPIP%204.1.5/SPIP_4.1.5_AND_BEFORE_AUTH_SQLi_Abyss_Watcher.md" }, { "tags": [ "x_transferred" ], "url": "https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-1-7-SPIP-4-0-9-et-SPIP-3-2-17.html" }, { "name": "DSA-5325", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5325" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-24T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/Abyss-W4tcher/ab4yss-wr4iteups/blob/ffa980faa9e3598d49d6fb7def4f7a67cfb5f427/SPIP%20-%20Pentest/SPIP%204.1.5/SPIP_4.1.5_AND_BEFORE_AUTH_SQLi_Abyss_Watcher.md" }, { "url": "https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-1-7-SPIP-4-0-9-et-SPIP-3-2-17.html" }, { "name": "DSA-5325", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5325" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-24258", "datePublished": "2023-02-27T00:00:00", "dateReserved": "2023-01-23T00:00:00", "dateUpdated": "2024-08-02T10:56:02.623Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-7954
Vulnerability from cvelistv5
Published
2024-08-23 17:43
Modified
2024-08-23 18:31
Summary
The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.
References
URL | Tags
---|---
https://vulncheck.com/advisories/spip-porte-plume | third-party-advisory
https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-0-alpha2-SPIP-4-2-13-SPIP-4.html | vendor-advisory
https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_1_the_feather/ | technical-description, exploit
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "spip", "vendor": "spip", "versions": [ { "lessThan": "4.3.0-alpha2", "status": "affected", "version": "4.3.0-alpha", "versionType": "custom" }, { "lessThan": "4.2.13", "status": "affected", "version": "4.2.0", "versionType": "semver" }, { "lessThan": "4.1.16", "status": "affected", "version": "4.1.0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-7954", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-23T18:26:49.808289Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-23T18:31:44.888Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "SPIP", "vendor": "SPIP", "versions": [ { "lessThan": "4.3.0-alpha2", "status": "affected", "version": "4.3.0-alpha", "versionType": "custom" }, { "lessThan": "4.2.13", "status": "affected", "version": "4.2.0", "versionType": "semver" }, { "lessThan": "4.1.16", "status": "affected", "version": "4.1.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Louka Jacques-Chevallier" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.\u003cbr\u003e" } ], "value": "The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. 
A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request." } ], "impacts": [ { "capecId": "CAPEC-242", "descriptions": [ { "lang": "en", "value": "CAPEC-242 Code Injection" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-23T17:46:17.470Z", "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck" }, "references": [ { "tags": [ "third-party-advisory" ], "url": "https://vulncheck.com/advisories/spip-porte-plume" }, { "tags": [ "vendor-advisory" ], "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-0-alpha2-SPIP-4-2-13-SPIP-4.html" }, { "tags": [ "technical-description", "exploit" ], "url": "https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_1_the_feather/" } ], "source": { "discovery": "UNKNOWN" }, "title": "SPIP porte_plume Plugin Arbitrary PHP Execution", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "assignerShortName": "VulnCheck", "cveId": "CVE-2024-7954", "datePublished": "2024-08-23T17:43:20.967Z", "dateReserved": "2024-08-19T18:16:30.180Z", "dateUpdated": "2024-08-23T18:31:44.888Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-3041
Vulnerability from cvelistv5
Published
2009-09-01 18:04
Modified
2024-08-07 06:14
Summary
SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009.
References
URL | Tags
---|---
http://www.securityfocus.com/bid/36008 | vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/52381 | vdb-entry, x_refsource_XF
http://secunia.com/advisories/36365 | third-party-advisory, x_refsource_SECUNIA
http://www.spip-contrib.net/SPIP-Security-Alert-new-version | x_refsource_CONFIRM
http://fil.rezo.net/secu-14346-14350+14354.patch | x_refsource_MISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:14:56.453Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "36008", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36008" }, { "name": "spip-unspecified-unauth-access(52381)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52381" }, { "name": "36365", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36365" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.spip-contrib.net/SPIP-Security-Alert-new-version" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://fil.rezo.net/secu-14346-14350+14354.patch" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-08-06T00:00:00", "descriptions": [ { "lang": "en", "value": "SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "36008", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36008" }, { "name": "spip-unspecified-unauth-access(52381)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52381" }, { "name": "36365", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36365" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.spip-contrib.net/SPIP-Security-Alert-new-version" }, { "tags": [ "x_refsource_MISC" ], "url": "http://fil.rezo.net/secu-14346-14350+14354.patch" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3041", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "36008", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36008" }, { "name": "spip-unspecified-unauth-access(52381)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52381" }, { "name": "36365", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36365" }, { "name": "http://www.spip-contrib.net/SPIP-Security-Alert-new-version", "refsource": "CONFIRM", "url": "http://www.spip-contrib.net/SPIP-Security-Alert-new-version" }, { "name": "http://fil.rezo.net/secu-14346-14350+14354.patch", "refsource": "MISC", "url": "http://fil.rezo.net/secu-14346-14350+14354.patch" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3041", "datePublished": "2009-09-01T18:04:00", "dateReserved": "2009-09-01T00:00:00", "dateUpdated": "2024-08-07T06:14:56.453Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44122
Vulnerability from cvelistv5
Published
2022-01-26 11:47
Modified
2024-08-04 04:10
Summary
SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. To exploit the vulnerability, a visitor must visit a malicious website which redirects to the SPIP website. It is also possible to combine XSS vulnerabilities in SPIP 4.0.0 to exploit it. The vulnerability allows an authenticated attacker to execute malicious code without the knowledge of the user on the website (CSRF).
References
URL | Tags
---|---
https://git.spip.net/spip/spip/commit/1b8e4f404c2441c15ca6540b9a6d8e50cff219db | x_refsource_MISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:10:17.382Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.spip.net/spip/spip/commit/1b8e4f404c2441c15ca6540b9a6d8e50cff219db" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. To exploit the vulnerability, a visitor must visit a malicious website which redirects to the SPIP website. It is also possible to combine XSS vulnerabilities in SPIP 4.0.0 to exploit it. The vulnerability allows an authenticated attacker to execute malicious code without the knowledge of the user on the website (CSRF)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-26T11:47:55", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://git.spip.net/spip/spip/commit/1b8e4f404c2441c15ca6540b9a6d8e50cff219db" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-44122", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. To exploit the vulnerability, a visitor must visit a malicious website which redirects to the SPIP website. It is also possible to combine XSS vulnerabilities in SPIP 4.0.0 to exploit it. The vulnerability allows an authenticated attacker to execute malicious code without the knowledge of the user on the website (CSRF)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://git.spip.net/spip/spip/commit/1b8e4f404c2441c15ca6540b9a6d8e50cff219db", "refsource": "MISC", "url": "https://git.spip.net/spip/spip/commit/1b8e4f404c2441c15ca6540b9a6d8e50cff219db" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-44122", "datePublished": "2022-01-26T11:47:55", "dateReserved": "2021-11-22T00:00:00", "dateUpdated": "2024-08-04T04:10:17.382Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-7998
Vulnerability from cvelistv5
Published
2017-01-18 17:00
Modified
2024-08-06 02:13
Summary
The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action.
References
URL | Tags
---|---
http://www.securityfocus.com/bid/93451 | vdb-entry, x_refsource_BID
https://core.spip.net/projects/spip/repository/revisions/23189 | x_refsource_CONFIRM
https://core.spip.net/projects/spip/repository/revisions/23192 | x_refsource_CONFIRM
https://core.spip.net/projects/spip/repository/revisions/23186 | x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2016/10/07/5 | mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2016/10/08/6 | mailing-list, x_refsource_MLIST
https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-template-compiler-composer-php-code-execution-cve-2016-7998/ | x_refsource_MISC
http://www.openwall.com/lists/oss-security/2016/10/05/17 | mailing-list, x_refsource_MLIST
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:13:21.614Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "93451", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93451" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23189" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23192" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23186" }, { "name": "[oss-security] 20161007 Re: SPIP vulnerabilities: request for 5 CVE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/07/5" }, { "name": "[oss-security] 20161008 Re: SPIP vulnerabilities: request for 5 CVE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/08/6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-template-compiler-composer-php-code-execution-cve-2016-7998/" }, { "name": "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-10-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a 
valider_xml action." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-23T01:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "93451", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93451" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23189" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23192" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23186" }, { "name": "[oss-security] 20161007 Re: SPIP vulnerabilities: request for 5 CVE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/07/5" }, { "name": "[oss-security] 20161008 Re: SPIP vulnerabilities: request for 5 CVE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/08/6" }, { "tags": [ "x_refsource_MISC" ], "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-template-compiler-composer-php-code-execution-cve-2016-7998/" }, { "name": "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7998", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote 
authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "93451", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93451" }, { "name": "https://core.spip.net/projects/spip/repository/revisions/23189", "refsource": "CONFIRM", "url": "https://core.spip.net/projects/spip/repository/revisions/23189" }, { "name": "https://core.spip.net/projects/spip/repository/revisions/23192", "refsource": "CONFIRM", "url": "https://core.spip.net/projects/spip/repository/revisions/23192" }, { "name": "https://core.spip.net/projects/spip/repository/revisions/23186", "refsource": "CONFIRM", "url": "https://core.spip.net/projects/spip/repository/revisions/23186" }, { "name": "[oss-security] 20161007 Re: SPIP vulnerabilities: request for 5 CVE", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/10/07/5" }, { "name": "[oss-security] 20161008 Re: SPIP vulnerabilities: request for 5 CVE", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/10/08/6" }, { "name": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-template-compiler-composer-php-code-execution-cve-2016-7998/", "refsource": "MISC", "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-template-compiler-composer-php-code-execution-cve-2016-7998/" }, { "name": "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7998", "datePublished": "2017-01-18T17:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-06T02:13:21.614Z", "state": "PUBLISHED" }, 
"dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15736
Vulnerability from cvelistv5
Published
2017-10-21 22:00
Modified
2024-08-05 20:04
Summary
Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 allows remote attackers to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php.
References
URL | Tags
---|---
https://core.spip.net/projects/spip/repository/revisions/23701 | x_refsource_CONFIRM
https://www.debian.org/security/2018/dsa-4228 | vendor-advisory, x_refsource_DEBIAN
https://usn.ubuntu.com/4536-1/ | vendor-advisory, x_refsource_UBUNTU
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:04:49.858Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23701" }, { "name": "DSA-4228", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4228" }, { "name": "USN-4536-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4536-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-10-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 allows remote attackers to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-28T17:06:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23701" }, { "name": "DSA-4228", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4228" }, { "name": "USN-4536-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4536-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15736", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 allows remote attackers to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://core.spip.net/projects/spip/repository/revisions/23701", "refsource": "CONFIRM", "url": "https://core.spip.net/projects/spip/repository/revisions/23701" }, { "name": "DSA-4228", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4228" }, { "name": "USN-4536-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4536-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15736", "datePublished": "2017-10-21T22:00:00", "dateReserved": "2017-10-21T00:00:00", "dateUpdated": "2024-08-05T20:04:49.858Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-4557
Vulnerability from cvelistv5
Published
2013-11-15 18:16
Modified
2024-08-06 16:45
Summary
The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter.
References
URL | Tags
---|---
https://www.debian.org/security/2013/dsa-2794 | vendor-advisory, x_refsource_DEBIAN
http://www.spip.net/fr_article5646.html | x_refsource_CONFIRM
http://www.securitytracker.com/id/1029317 | vdb-entry, x_refsource_SECTRACK
http://www.openwall.com/lists/oss-security/2013/11/10/4 | mailing-list, x_refsource_MLIST
http://secunia.com/advisories/55551 | third-party-advisory, x_refsource_SECUNIA
http://www.spip.net/fr_article5648.html | x_refsource_CONFIRM
http://zone.spip.org/trac/spip-zone/changeset/75105/_core_/securite/ecran_securite.php | x_refsource_CONFIRM
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:45:14.832Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-2794", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2013/dsa-2794" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.spip.net/fr_article5646.html" }, { "name": "1029317", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029317" }, { "name": "[oss-security] 20131110 Re: CVE Request: multiple vulnerabilities in spip", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/11/10/4" }, { "name": "55551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55551" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.spip.net/fr_article5648.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://zone.spip.org/trac/spip-zone/changeset/75105/_core_/securite/ecran_securite.php" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-11-09T00:00:00", "descriptions": [ { "lang": "en", "value": "The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-06T13:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "DSA-2794", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2013/dsa-2794" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.spip.net/fr_article5646.html" }, { "name": "1029317", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029317" }, { "name": "[oss-security] 20131110 Re: CVE Request: multiple vulnerabilities in spip", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/11/10/4" }, { "name": "55551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55551" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.spip.net/fr_article5648.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://zone.spip.org/trac/spip-zone/changeset/75105/_core_/securite/ecran_securite.php" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4557", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-2794", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2013/dsa-2794" }, { "name": "http://www.spip.net/fr_article5646.html", "refsource": "CONFIRM", "url": "http://www.spip.net/fr_article5646.html" }, { "name": "1029317", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029317" }, { "name": "[oss-security] 20131110 Re: CVE Request: multiple vulnerabilities in spip", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/11/10/4" }, { "name": "55551", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55551" }, { "name": "http://www.spip.net/fr_article5648.html", "refsource": "CONFIRM", "url": "http://www.spip.net/fr_article5648.html" }, { "name": "http://zone.spip.org/trac/spip-zone/changeset/75105/_core_/securite/ecran_securite.php", "refsource": "CONFIRM", "url": "http://zone.spip.org/trac/spip-zone/changeset/75105/_core_/securite/ecran_securite.php" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4557", "datePublished": "2013-11-15T18:16:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:45:14.832Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44120
Vulnerability from cvelistv5
Published
2022-01-26 11:26
Modified
2024-08-04 04:10
Summary
SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. An editor is able to modify his personal information. If the editor has an article written and available, when a user goes to the public site and wants to read the author's information, the malicious code will be executed. The "Who are you" and "Website Name" fields are vulnerable.
References
URL | Tags
---|---
https://git.spip.net/spip/spip/commit/d548391d799387d1e93cf1a369d385c72f7d5c81 | x_refsource_MISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:10:17.340Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.spip.net/spip/spip/commit/d548391d799387d1e93cf1a369d385c72f7d5c81" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. An editor is able to modify his personal information. If the editor has an article written and available, when a user goes to the public site and wants to read the author\u0027s information, the malicious code will be executed. The \"Who are you\" and \"Website Name\" fields are vulnerable." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-26T11:26:27", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://git.spip.net/spip/spip/commit/d548391d799387d1e93cf1a369d385c72f7d5c81" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-44120", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. 
An editor is able to modify his personal information. If the editor has an article written and available, when a user goes to the public site and wants to read the author\u0027s information, the malicious code will be executed. The \"Who are you\" and \"Website Name\" fields are vulnerable." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://git.spip.net/spip/spip/commit/d548391d799387d1e93cf1a369d385c72f7d5c81", "refsource": "MISC", "url": "https://git.spip.net/spip/spip/commit/d548391d799387d1e93cf1a369d385c72f7d5c81" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-44120", "datePublished": "2022-01-26T11:26:27", "dateReserved": "2021-11-22T00:00:00", "dateUpdated": "2024-08-04T04:10:17.340Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-7982
Vulnerability from cvelistv5
Published
2017-01-18 17:00
Modified
2024-08-06 02:13
Summary
Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action.
References
URL | Tags
---|---
http://www.securityfocus.com/bid/93451 | vdb-entry, x_refsource_BID
https://core.spip.net/projects/spip/repository/revisions/23200 | x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2016/10/06/6 | mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2016/10/05/17 | mailing-list, x_refsource_MLIST
https://sysdream.com/news/lab/2016-10-19-spip-3-1-1-3-1-2-file-enumeration-path-traversal-cve-2016-7982/ | x_refsource_MISC
http://www.openwall.com/lists/oss-security/2016/10/12/8 | mailing-list, x_refsource_MLIST
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:13:21.605Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "93451", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93451" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23200" }, { "name": "[oss-security] 20161006 Re: SPIP vulnerabilities: request for 5 CVE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/06/6" }, { "name": "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-1-3-1-2-file-enumeration-path-traversal-cve-2016-7982/" }, { "name": "[oss-security] 20161012 CVE-2016-7982: SPIP 3.1.1/3.1.2 File Enumeration / Path Traversal", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/12/8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-10-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-23T01:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "93451", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93451" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23200" }, { "name": "[oss-security] 20161006 Re: SPIP vulnerabilities: request for 5 CVE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/06/6" }, { "name": "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17" }, { "tags": [ "x_refsource_MISC" ], "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-1-3-1-2-file-enumeration-path-traversal-cve-2016-7982/" }, { "name": "[oss-security] 20161012 CVE-2016-7982: SPIP 3.1.1/3.1.2 File Enumeration / Path Traversal", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/12/8" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7982", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "93451", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93451" }, { "name": "https://core.spip.net/projects/spip/repository/revisions/23200", "refsource": "CONFIRM", "url": "https://core.spip.net/projects/spip/repository/revisions/23200" }, { "name": "[oss-security] 20161006 Re: SPIP vulnerabilities: request for 5 CVE", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/10/06/6" }, { "name": "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17" }, { "name": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-1-3-1-2-file-enumeration-path-traversal-cve-2016-7982/", "refsource": "MISC", "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-1-3-1-2-file-enumeration-path-traversal-cve-2016-7982/" }, { "name": "[oss-security] 20161012 CVE-2016-7982: SPIP 3.1.1/3.1.2 File Enumeration / Path Traversal", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/10/12/8" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7982", "datePublished": "2017-01-18T17:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-06T02:13:21.605Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2151
Vulnerability from cvelistv5
Published
2012-08-14 22:00
Modified
2024-08-06 19:26
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
URL | Tags
---|---
https://exchange.xforce.ibmcloud.com/vulnerabilities/75104 | vdb-entry, x_refsource_XF
http://www.openwall.com/lists/oss-security/2012/05/01/4 | mailing-list, x_refsource_MLIST
http://www.securitytracker.com/id?1026970 | vdb-entry, x_refsource_SECTRACK
http://archives.rezo.net/archives/spip-en.mbox/U5QUZ6WJRAJC7H5BR7W5SQG6WCD3PXL7/ | mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2012/04/30/4 | mailing-list, x_refsource_MLIST
http://secunia.com/advisories/48939 | third-party-advisory, x_refsource_SECUNIA
http://www.osvdb.org/81473 | vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/53216 | vdb-entry, x_refsource_BID
http://www.debian.org/security/2012/dsa-2461 | vendor-advisory, x_refsource_DEBIAN
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:26:08.455Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "spip-unspecified-xss(75104)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75104" }, { "name": "[oss-security] 20120501 Re: CVE request: spip before 1.9.2.o, 2.0.18 and 2.1.13 multiple XSS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/05/01/4" }, { "name": "1026970", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026970" }, { "name": "[Spip-en] 20120423 New stable releases SPIP 1.9.2o, 2.0.18 et 2.1.13 are availables", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://archives.rezo.net/archives/spip-en.mbox/U5QUZ6WJRAJC7H5BR7W5SQG6WCD3PXL7/" }, { "name": "[oss-security] 20120430 CVE request: spip before 1.9.2.o, 2.0.18 and 2.1.13 multiple XSS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/04/30/4" }, { "name": "48939", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48939" }, { "name": "81473", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/81473" }, { "name": "53216", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53216" }, { "name": "DSA-2461", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2461" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-04-23T00:00:00", "descriptions": [ { "lang": 
"en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "spip-unspecified-xss(75104)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75104" }, { "name": "[oss-security] 20120501 Re: CVE request: spip before 1.9.2.o, 2.0.18 and 2.1.13 multiple XSS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/05/01/4" }, { "name": "1026970", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026970" }, { "name": "[Spip-en] 20120423 New stable releases SPIP 1.9.2o, 2.0.18 et 2.1.13 are availables", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://archives.rezo.net/archives/spip-en.mbox/U5QUZ6WJRAJC7H5BR7W5SQG6WCD3PXL7/" }, { "name": "[oss-security] 20120430 CVE request: spip before 1.9.2.o, 2.0.18 and 2.1.13 multiple XSS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/04/30/4" }, { "name": "48939", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48939" }, { "name": "81473", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/81473" }, { "name": "53216", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53216" }, { "name": "DSA-2461", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2461" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", 
"ID": "CVE-2012-2151", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "spip-unspecified-xss(75104)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75104" }, { "name": "[oss-security] 20120501 Re: CVE request: spip before 1.9.2.o, 2.0.18 and 2.1.13 multiple XSS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/05/01/4" }, { "name": "1026970", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026970" }, { "name": "[Spip-en] 20120423 New stable releases SPIP 1.9.2o, 2.0.18 et 2.1.13 are availables", "refsource": "MLIST", "url": "http://archives.rezo.net/archives/spip-en.mbox/U5QUZ6WJRAJC7H5BR7W5SQG6WCD3PXL7/" }, { "name": "[oss-security] 20120430 CVE request: spip before 1.9.2.o, 2.0.18 and 2.1.13 multiple XSS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/04/30/4" }, { "name": "48939", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48939" }, { "name": "81473", "refsource": "OSVDB", "url": "http://www.osvdb.org/81473" }, { "name": "53216", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53216" }, { "name": "DSA-2461", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2461" } ] } } } }, "cveMetadata": { "assignerOrgId": 
"53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2151", "datePublished": "2012-08-14T22:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:08.455Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-5812
Vulnerability from cvelistv5
Published
2009-01-02 18:00
Modified
2024-08-07 11:04
Summary
Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors.
References
URL | Tags
---|---
http://secunia.com/advisories/33307 | third-party-advisory, x_refsource_SECUNIA
http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/47695 | vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/33061 | vdb-entry, x_refsource_BID
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:04:44.590Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "33307", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33307" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2" }, { "name": "spip-multiple-unspecified(47695)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47695" }, { "name": "33061", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/33061" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-12-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "33307", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33307" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2" }, { "name": "spip-multiple-unspecified(47695)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47695" }, { "name": "33061", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/33061" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5812", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "33307", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33307" }, { "name": "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2", "refsource": "CONFIRM", "url": "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2" }, { "name": "spip-multiple-unspecified(47695)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47695" }, { "name": "33061", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33061" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5812", "datePublished": "2009-01-02T18:00:00", "dateReserved": "2009-01-02T00:00:00", "dateUpdated": "2024-08-07T11:04:44.590Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-16391
Vulnerability from cvelistv5
Published
2019-09-17 20:49
Modified
2024-08-05 01:17
Summary
SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php.
References
URL | Tags
---|---
https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html | x_refsource_MISC
https://git.spip.net/SPIP/spip/commit/187952ce85e73b52c2753f2d54fc2c44807b8f79 | x_refsource_MISC
https://git.spip.net/SPIP/spip/commit/3cbc758400323ab006c00ea78eacdb8f76aa5f66 | x_refsource_MISC
https://seclists.org/bugtraq/2019/Sep/40 | mailing-list, x_refsource_BUGTRAQ
https://www.debian.org/security/2019/dsa-4532 | vendor-advisory, x_refsource_DEBIAN
https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html?lang=fr | x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html | mailing-list, x_refsource_MLIST
https://usn.ubuntu.com/4536-1/ | vendor-advisory, x_refsource_UBUNTU
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:17:39.480Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.spip.net/SPIP/spip/commit/187952ce85e73b52c2753f2d54fc2c44807b8f79" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.spip.net/SPIP/spip/commit/3cbc758400323ab006c00ea78eacdb8f76aa5f66" }, { "name": "20190925 [SECURITY] [DSA 4532-1] spip security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Sep/40" }, { "name": "DSA-4532", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4532" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html?lang=fr" }, { "name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html" }, { "name": "USN-4536-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4536-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-28T17:06:20", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.spip.net/SPIP/spip/commit/187952ce85e73b52c2753f2d54fc2c44807b8f79" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.spip.net/SPIP/spip/commit/3cbc758400323ab006c00ea78eacdb8f76aa5f66" }, { "name": "20190925 [SECURITY] [DSA 4532-1] spip security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Sep/40" }, { "name": "DSA-4532", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4532" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html?lang=fr" }, { "name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html" }, { "name": "USN-4536-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4536-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-16391", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute 
other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html", "refsource": "MISC", "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html" }, { "name": "https://git.spip.net/SPIP/spip/commit/187952ce85e73b52c2753f2d54fc2c44807b8f79", "refsource": "MISC", "url": "https://git.spip.net/SPIP/spip/commit/187952ce85e73b52c2753f2d54fc2c44807b8f79" }, { "name": "https://git.spip.net/SPIP/spip/commit/3cbc758400323ab006c00ea78eacdb8f76aa5f66", "refsource": "MISC", "url": "https://git.spip.net/SPIP/spip/commit/3cbc758400323ab006c00ea78eacdb8f76aa5f66" }, { "name": "20190925 [SECURITY] [DSA 4532-1] spip security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Sep/40" }, { "name": "DSA-4532", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4532" }, { "name": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html?lang=fr", "refsource": "MISC", "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html?lang=fr" }, { "name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html" }, { "name": "USN-4536-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4536-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-16391", "datePublished": "2019-09-17T20:49:04", "dateReserved": "2019-09-17T00:00:00", "dateUpdated": "2024-08-05T01:17:39.480Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", 
"dataVersion": "5.1" }
cve-2006-0518
Vulnerability from cvelistv5
Published
2006-02-02 11:00
Modified
2024-08-07 16:41
Summary
Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
References
URL | Tags
---|---
https://exchange.xforce.ibmcloud.com/vulnerabilities/24401 | vdb-entry, x_refsource_XF
http://www.osvdb.org/22849 | vdb-entry, x_refsource_OSVDB
http://www.zone-h.org/en/advisories/read/id=8650/ | x_refsource_MISC
http://secunia.com/advisories/18676 | third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/0398 | vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/16461 | vdb-entry, x_refsource_BID
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:41:28.383Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "spip-index-xss(24401)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24401" }, { "name": "22849", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22849" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zone-h.org/en/advisories/read/id=8650/" }, { "name": "18676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18676" }, { "name": "ADV-2006-0398", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0398" }, { "name": "16461", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16461" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-01-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "spip-index-xss(24401)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24401" }, { "name": "22849", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22849" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zone-h.org/en/advisories/read/id=8650/" }, { "name": "18676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18676" }, { "name": "ADV-2006-0398", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0398" }, { "name": "16461", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16461" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0518", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "spip-index-xss(24401)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24401" }, { "name": "22849", "refsource": "OSVDB", "url": "http://www.osvdb.org/22849" }, { "name": "http://www.zone-h.org/en/advisories/read/id=8650/", "refsource": "MISC", "url": "http://www.zone-h.org/en/advisories/read/id=8650/" }, { "name": "18676", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18676" }, { "name": "ADV-2006-0398", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0398" }, { "name": "16461", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16461" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0518", "datePublished": "2006-02-02T11:00:00", "dateReserved": "2006-02-02T00:00:00", "dateUpdated": "2024-08-07T16:41:28.383Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-3154
Vulnerability from cvelistv5
Published
2016-04-08 14:00
Modified
2024-08-05 23:47
Summary
The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.
References
URL | Tags
---|---
https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-1-SPIP-3-0-22-et-SPIP-2-1.html?lang=fr | x_refsource_CONFIRM
http://www.debian.org/security/2016/dsa-3518 | vendor-advisory, x_refsource_DEBIAN
https://core.spip.net/projects/spip/repository/revisions/22903 | x_refsource_CONFIRM
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:47:57.507Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-1-SPIP-3-0-22-et-SPIP-2-1.html?lang=fr" }, { "name": "DSA-3518", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3518" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://core.spip.net/projects/spip/repository/revisions/22903" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-03-10T00:00:00", "descriptions": [ { "lang": "en", "value": "The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-04-08T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-1-SPIP-3-0-22-et-SPIP-2-1.html?lang=fr" }, { "name": "DSA-3518", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3518" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://core.spip.net/projects/spip/repository/revisions/22903" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-3154", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-1-SPIP-3-0-22-et-SPIP-2-1.html?lang=fr", "refsource": "CONFIRM", "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-1-SPIP-3-0-22-et-SPIP-2-1.html?lang=fr" }, { "name": "DSA-3518", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3518" }, { "name": "https://core.spip.net/projects/spip/repository/revisions/22903", "refsource": "CONFIRM", "url": "https://core.spip.net/projects/spip/repository/revisions/22903" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-3154", "datePublished": "2016-04-08T14:00:00", "dateReserved": "2016-03-15T00:00:00", "dateUpdated": "2024-08-05T23:47:57.507Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-28959
Vulnerability from cvelistv5
Published
2022-05-19 20:26
Modified
2024-08-03 06:10
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML.
References
URL | Tags
---|---
https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/ | x_refsource_MISC
https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html | x_refsource_MISC
https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/ | x_refsource_MISC
https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4 | x_refsource_MISC
https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf | x_refsource_MISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:10:57.530Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-19T20:26:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-28959", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/", "refsource": "MISC", "url": "https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/" }, { "name": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html", "refsource": "MISC", "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html" }, { "name": "https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/", "refsource": "MISC", "url": "https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/" }, { "name": "https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4", "refsource": "MISC", "url": "https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4" }, { "name": "https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf", "refsource": "MISC", "url": "https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-28959", "datePublished": "2022-05-19T20:26:11", "dateReserved": "2022-04-11T00:00:00", "dateUpdated": "2024-08-03T06:10:57.530Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26847
Vulnerability from cvelistv5
Published
2022-03-10 04:58
Modified
2024-08-03 05:11
Summary
SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects.
References
URL | Tags
---|---
https://lists.debian.org/debian-security-announce/2022/msg00060.html | x_refsource_MISC
https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html | x_refsource_MISC
https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2 | x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html | mailing-list, x_refsource_MLIST
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.557Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.debian.org/debian-security-announce/2022/msg00060.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2" }, { "name": "[debian-lts-announce] 20220315 [SECURITY] [DLA 2949-1] spip security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-15T12:06:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://lists.debian.org/debian-security-announce/2022/msg00060.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2" }, { "name": "[debian-lts-announce] 20220315 [SECURITY] [DLA 2949-1] spip security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-26847", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://lists.debian.org/debian-security-announce/2022/msg00060.html", "refsource": "MISC", "url": "https://lists.debian.org/debian-security-announce/2022/msg00060.html" }, { "name": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html", "refsource": "MISC", "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html" }, { "name": "https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2", "refsource": "MISC", "url": "https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2" }, { "name": "[debian-lts-announce] 20220315 [SECURITY] [DLA 2949-1] spip security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-26847", "datePublished": "2022-03-10T04:58:16", "dateReserved": "2022-03-10T00:00:00", "dateUpdated": "2024-08-03T05:11:44.557Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-4494
Vulnerability from cvelistv5
Published
2005-12-22 11:00
Modified
2024-08-07 23:46
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) spip_login.php3 and (2) spip_pass.php3.
References
URL | Tags
---|---
http://www.vupen.com/english/advisories/2005/3061 | vdb-entry, x_refsource_VUPEN
http://www.osvdb.org/21865 | vdb-entry, x_refsource_OSVDB
http://www.osvdb.org/21864 | vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/16019 | vdb-entry, x_refsource_BID
http://pridels0.blogspot.com/2005/12/spip-xss-vuln.html | x_refsource_MISC
http://secunia.com/advisories/18211 | third-party-advisory, x_refsource_SECUNIA
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:46:05.320Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2005-3061", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/3061" }, { "name": "21865", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/21865" }, { "name": "21864", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/21864" }, { "name": "16019", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16019" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://pridels0.blogspot.com/2005/12/spip-xss-vuln.html" }, { "name": "18211", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18211" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-12-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) spip_login.php3 and (2) spip_pass.php3." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-01-04T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2005-3061", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/3061" }, { "name": "21865", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/21865" }, { "name": "21864", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/21864" }, { "name": "16019", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16019" }, { "tags": [ "x_refsource_MISC" ], "url": "http://pridels0.blogspot.com/2005/12/spip-xss-vuln.html" }, { "name": "18211", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18211" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4494", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) spip_login.php3 and (2) spip_pass.php3." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2005-3061", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/3061" }, { "name": "21865", "refsource": "OSVDB", "url": "http://www.osvdb.org/21865" }, { "name": "21864", "refsource": "OSVDB", "url": "http://www.osvdb.org/21864" }, { "name": "16019", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16019" }, { "name": "http://pridels0.blogspot.com/2005/12/spip-xss-vuln.html", "refsource": "MISC", "url": "http://pridels0.blogspot.com/2005/12/spip-xss-vuln.html" }, { "name": "18211", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18211" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4494", "datePublished": "2005-12-22T11:00:00", "dateReserved": "2005-12-22T00:00:00", "dateUpdated": "2024-08-07T23:46:05.320Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-7980
Vulnerability from cvelistv5
Published
2017-01-18 17:00
Modified
2024-08-06 02:13
Summary
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code.
References
URL | Tags
---|---
https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-exec-code-cross-site-request-forgery-cve-2016-7980/ | x_refsource_MISC
http://www.securityfocus.com/bid/93451 | vdb-entry, x_refsource_BID
http://www.openwall.com/lists/oss-security/2016/10/12/6 | mailing-list, x_refsource_MLIST
https://core.spip.net/projects/spip/repository/revisions/23203 | x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2016/10/06/6 | mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2016/10/05/17 | mailing-list, x_refsource_MLIST
https://core.spip.net/projects/spip/repository/revisions/23202 | x_refsource_CONFIRM
https://core.spip.net/projects/spip/repository/revisions/23201 | x_refsource_CONFIRM
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:13:21.600Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-exec-code-cross-site-request-forgery-cve-2016-7980/" }, { "name": "93451", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93451" }, { "name": "[oss-security] 20161012 CVE-2016-7980: SPIP 3.1.2 Exec Code Cross-Site Request Forgery", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/12/6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23203" }, { "name": "[oss-security] 20161006 Re: SPIP vulnerabilities: request for 5 CVE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/06/6" }, { "name": "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23202" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-10-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a 
local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-23T01:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-exec-code-cross-site-request-forgery-cve-2016-7980/" }, { "name": "93451", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93451" }, { "name": "[oss-security] 20161012 CVE-2016-7980: SPIP 3.1.2 Exec Code Cross-Site Request Forgery", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/12/6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23203" }, { "name": "[oss-security] 20161006 Re: SPIP vulnerabilities: request for 5 CVE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/06/6" }, { "name": "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23202" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7980", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { 
"description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-exec-code-cross-site-request-forgery-cve-2016-7980/", "refsource": "MISC", "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-exec-code-cross-site-request-forgery-cve-2016-7980/" }, { "name": "93451", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93451" }, { "name": "[oss-security] 20161012 CVE-2016-7980: SPIP 3.1.2 Exec Code Cross-Site Request Forgery", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/10/12/6" }, { "name": "https://core.spip.net/projects/spip/repository/revisions/23203", "refsource": "CONFIRM", "url": "https://core.spip.net/projects/spip/repository/revisions/23203" }, { "name": "[oss-security] 20161006 Re: SPIP vulnerabilities: request for 5 CVE", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/10/06/6" }, { "name": "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17" }, { "name": "https://core.spip.net/projects/spip/repository/revisions/23202", "refsource": "CONFIRM", "url": "https://core.spip.net/projects/spip/repository/revisions/23202" }, { "name": "https://core.spip.net/projects/spip/repository/revisions/23201", "refsource": "CONFIRM", "url": "https://core.spip.net/projects/spip/repository/revisions/23201" } ] } } } }, "cveMetadata": { "assignerOrgId": 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7980", "datePublished": "2017-01-18T17:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-06T02:13:21.600Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2019-09-17 21:15
Modified
2024-11-21 04:30
Summary
SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers.
Impacted products
Vendor | Product | Version |
---|---|---|
spip | spip | * |
spip | spip | * |
debian | debian_linux | 8.0 |
debian | debian_linux | 9.0 |
debian | debian_linux | 10.0 |
canonical | ubuntu_linux | 18.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*", "matchCriteriaId": "92C9CE90-F244-458C-B475-28F2298D6C17", "versionEndExcluding": "3.1.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*", "matchCriteriaId": "054DE097-C977-4694-9F80-ADF007A3CA36", "versionEndExcluding": "3.2.5", "versionStartIncluding": "3.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers." }, { "lang": "es", "value": "SPIP versiones anteriores a 3.1.11 y versiones 3.2 anteriores a 3.2.5, proporciona diferentes mensajes de error desde la p\u00e1gina password-reminder dependiendo de si existe una direcci\u00f3n de correo electr\u00f3nico, que podr\u00eda ayudar a atacantes para enumerar suscriptores." 
} ], "id": "CVE-2019-16394", "lastModified": "2024-11-21T04:30:37.723", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-09-17T21:15:11.663", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://core.spip.net/issues/4171" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Sep/40" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4536-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"https://www.debian.org/security/2019/dsa-4532" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://zone.spip.net/trac/spip-zone/changeset/117577/spip-zone" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://zone.spip.net/trac/spip-zone/changeset/117578/spip-zone" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://core.spip.net/issues/4171" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Sep/40" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4536-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4532" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://zone.spip.net/trac/spip-zone/changeset/117577/spip-zone" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://zone.spip.net/trac/spip-zone/changeset/117578/spip-zone" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-203" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-01-02 18:11
Modified
2024-11-21 00:54
Summary
SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information.
Impacted products
Vendor | Product | Version |
---|---|---|
spip | spip | 1.8 |
spip | spip | 1.8.1 |
spip | spip | 1.8.2 |
spip | spip | 1.8.2b |
spip | spip | 1.8.3 |
spip | spip | 1.8b1 |
spip | spip | 1.8b2 |
spip | spip | 1.8b3 |
spip | spip | 1.8b4 |
spip | spip | 1.8b5 |
spip | spip | 1.8b6 |
spip | spip | 1.9.0 |
spip | spip | 1.9.1 |
spip | spip | 1.9.1 |
spip | spip | 1.9.2 |
spip | spip | 1.9.2f |
spip | spip | 2.0.0 |
spip | spip | 2.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:spip:spip:1.8:*:*:*:*:*:*:*", "matchCriteriaId": "B513AF43-AFCA-494C-A3D0-A35F3214CE62", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C4AC748-27C3-4FEC-A3C0-CF68B7D5DA4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "91DEC874-206B-4C45-92F5-C6C650F92782", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:1.8.2b:*:*:*:*:*:*:*", "matchCriteriaId": "0A738F49-1968-4748-A48D-7D493BD09313", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "2258E6D1-B11D-4902-98D2-FC8330BE175D", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:1.8b1:*:*:*:*:*:*:*", "matchCriteriaId": "233CD17B-7CA9-4169-85CC-D44C2783A274", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:1.8b2:*:*:*:*:*:*:*", "matchCriteriaId": "C1F0B947-DA3E-4394-A2B4-240B9792BA9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:1.8b3:*:*:*:*:*:*:*", "matchCriteriaId": "D4FBAA9E-2DD6-4FCC-AD97-CF666DB1B6EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:1.8b4:*:*:*:*:*:*:*", "matchCriteriaId": "D11D5EC5-EB3F-4517-90E4-FE4B0B6526A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:1.8b5:*:*:*:*:*:*:*", "matchCriteriaId": "537F4814-914D-4493-98FB-F5F21B385F8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:1.8b6:*:*:*:*:*:*:*", "matchCriteriaId": "8E128150-5AF1-45EF-8A6F-6709671F22D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "87EF9B63-0BB2-425A-8A81-1264BD28DB5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:1.9.1:rev7385:*:*:*:*:*:*", "matchCriteriaId": "FDBAD023-85A7-4B75-90EA-7C174F746050", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:1.9.1:rev7502:*:*:*:*:*:*", "matchCriteriaId": "82D6BD57-507A-4131-9D50-7F76BB9C5DC7", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:spip:spip:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BCB6E24-EA9D-46C4-B128-310DFEB22D50", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:1.9.2f:*:*:*:*:*:*:*", "matchCriteriaId": "D95CA7C1-F894-4530-B3D4-44002F387453", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DF1BEB1-2CCB-47F6-8EFB-E4F9AA6A4ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5698E04-FD77-45A1-8FBE-200897595CB1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en inc/rubriques.php en SPIP v1.8 anteriores a v1.8.3b, v1.9 anteriores a v1.9.2g, y v2.0 anteriores a v2.0.2 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante el par\u00e1metro \"ID\". NOTA: algunos de los detalles han sido obtenidos a partir de la informaci\u00f3n de terceros." 
} ], "id": "CVE-2008-5813", "lastModified": "2024-11-21T00:54:57.787", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-01-02T18:11:09.610", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/33307" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/33021" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/33061" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47626" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47695" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/33307" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/33021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/33061" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47626" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/47695" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-05-19 21:15
Modified
2024-11-21 06:58
Summary
Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2834C8B-8286-43F8-8DD9-0CAC21094A30", "versionEndIncluding": "3.1.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters." }, { "lang": "es", "value": "Se ha detectado que Spip Web Framework versiones v3.1.13 y anteriores, contiene m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en /ecrire por medio de los par\u00e1metros lier_trad y where" } ], "id": "CVE-2022-28961", "lastModified": "2024-11-21T06:58:14.830", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-05-19T21:15:08.150", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-04-11 10:02
Modified
2024-11-21 00:09
Summary
PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:spip:spip:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "2258E6D1-B11D-4902-98D2-FC8330BE175D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter." } ], "id": "CVE-2006-1702", "lastModified": "2024-11-21T00:09:31.823", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-04-11T10:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/430443/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/17423" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25711" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/430443/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/17423" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25711" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-03-19 23:02
Modified
2024-11-21 00:08
Summary
Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote attackers to inject arbitrary web script or HTML via the recherche parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:spip:spip:1.8.2e:*:*:*:*:*:*:*", "matchCriteriaId": "9D3C57F2-B911-4EE3-9988-913D9D11567D", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:1.8.2g:*:*:*:*:*:*:*", "matchCriteriaId": "FB8D5C97-A36D-4E53-A591-20FE20AF00B5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote attackers to inject arbitrary web script or HTML via the recherche parameter." } ], "id": "CVE-2006-1295", "lastModified": "2024-11-21T00:08:31.807", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-03-19T23:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17130" }, { "source": "cve@mitre.org", "url": "http://www.silitix.com/spip-xss.html" }, { "source": "cve@mitre.org", "url": "http://www.zone-h.fr/advisories/read/id=1105" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://zone.spip.org/trac/spip-zone/changeset/1672" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25389" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17130" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.silitix.com/spip-xss.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zone-h.fr/advisories/read/id=1105" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://zone.spip.org/trac/spip-zone/changeset/1672" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25389" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-02-09 18:06
Modified
2024-11-21 00:06
Summary
Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file parameter to spip_acces_doc.php3.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:spip:spip:1.8.2d:*:*:*:*:*:*:*", "matchCriteriaId": "C1801D09-E761-41F5-97E8-4C4F882D6C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:1.8.2e:*:*:*:*:*:*:*", "matchCriteriaId": "9D3C57F2-B911-4EE3-9988-913D9D11567D", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:1.8.2g:*:*:*:*:*:*:*", "matchCriteriaId": "FB8D5C97-A36D-4E53-A591-20FE20AF00B5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via \"..\" sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file parameter to spip_acces_doc.php3." } ], "id": "CVE-2006-0625", "lastModified": "2024-11-21T00:06:56.810", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-02-09T18:06:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://retrogod.altervista.org/spip_182g_shell_inj_xpl.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18676" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015602" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/23086" }, { "source": "cve@mitre.org", "tags": [ 
"Exploit" ], "url": "http://www.securityfocus.com/bid/16556" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0483" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24600" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://retrogod.altervista.org/spip_182g_shell_inj_xpl.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18676" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015602" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/23086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/16556" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0483" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24600" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-12-17 03:59
Modified
2024-11-21 03:02
Summary
SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL.
References
Source | URL | Tags |
---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/95008 | Third Party Advisory, VDB Entry |
cve@mitre.org | http://www.securitytracker.com/id/1037486 | |
cve@mitre.org | https://core.spip.net/projects/spip/repository/revisions/23288 | Issue Tracking, Patch, Vendor Advisory |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95008 | Third Party Advisory, VDB Entry |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037486 | |
af854a3a-2127-422b-91ae-364da2661108 | https://core.spip.net/projects/spip/repository/revisions/23288 | Issue Tracking, Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:spip:spip:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F886B97D-1648-4D9A-A1A3-9F7982C6259D", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:3.1.0:alpha:*:*:*:*:*:*", "matchCriteriaId": "C06AB4FA-EA55-435E-9C04-124BCC008301", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:3.1.0:beta:*:*:*:*:*:*", "matchCriteriaId": "A22B763C-1CE8-4219-A767-8400FFDCCDCB", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:3.1.0:rc:*:*:*:*:*:*", "matchCriteriaId": "26E98301-4358-464A-952C-FE81F9EC7859", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:3.1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE44495-D166-46D4-9375-73890216AF7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:3.1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "B645A6EB-B9C5-470C-B42C-E971B2A21D6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "FC77374D-F349-4728-91B9-5483C641B33B", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9C5276FA-1CDD-4100-B8A6-21ABB1A7E8A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "0230D10E-96C6-4C13-BF75-E4B398AAE741", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL." }, { "lang": "es", "value": "SPIP 3.1.x sufre de una vulnerabilidad de XSS reflectada en /ecrire/exec/info_plugin.php involucrando el par\u00e1metro `$plugin`, seg\u00fan lo demostrado por una URL /ecrire/?exec=info_plugin." 
} ], "id": "CVE-2016-9998", "lastModified": "2024-11-21T03:02:09.227", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-17T03:59:00.420", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95008" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1037486" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23288" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95008" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1037486" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": 
"https://core.spip.net/projects/spip/repository/revisions/23288" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-03-10 17:48
Modified
2024-11-21 06:54
Summary
SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code.
Impacted products
Vendor | Product | Version
---|---|---
spip | spip | *
spip | spip | *
debian | debian_linux | 9.0
debian | debian_linux | 10.0
debian | debian_linux | 11.0
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*", "matchCriteriaId": "5FAA6131-6D99-4123-9873-B0025DFD6660", "versionEndExcluding": "3.2.14", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*", "matchCriteriaId": "2AE2C4F8-8B04-4FB2-9230-4CB16BF61D30", "versionEndExcluding": "4.0.5", "versionStartIncluding": "4.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code." 
}, { "lang": "es", "value": "SPIP versiones anteriores a 3.2.14 y versiones 4.x anteriores a 4.0.5, permite a editores remotos autenticados ejecutar c\u00f3digo arbitrario" } ], "id": "CVE-2022-26846", "lastModified": "2024-11-21T06:54:38.363", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-10T17:48:01.693", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"https://lists.debian.org/debian-security-announce/2022/msg00060.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-security-announce/2022/msg00060.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-01-18 17:59
Modified
2024-11-21 02:58
Summary
ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*", "matchCriteriaId": "108B7E4F-1501-4193-BF95-B2D3465FCB10", "versionEndIncluding": "3.1.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action." }, { "lang": "es", "value": "Ecrire/exec/valider_xml.php en SPIP 3.1.2 y versiones anteriores permite a atacantes llevar a cabo ataques de SSRF a trav\u00e9s de una URL en el par\u00e1metro var_url en una acci\u00f3n valider_xml." } ], "id": "CVE-2016-7999", "lastModified": "2024-11-21T02:58:52.920", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-01-18T17:59:01.107", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party 
Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/07/5" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/08/6" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/12/10" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93451" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23188" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23193" }, { "source": "cve@mitre.org", "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-server-side-request-forgery-cve-2016-7999/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/07/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/08/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/12/10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93451" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23188" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://core.spip.net/projects/spip/repository/revisions/23193" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-server-side-request-forgery-cve-2016-7999/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-04-10 21:29
Modified
2024-11-21 04:20
Summary
SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled.
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F25A18D-321C-41CC-9FBC-F55F4B97E6CA", "versionEndExcluding": "3.1.10", "versionStartIncluding": "3.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D60F81C-1902-43F9-B9E6-C7C503336007", "versionEndExcluding": "3.2.4", "versionStartIncluding": "3.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled." }, { "lang": "es", "value": "SPIP 3.1 versiones anteriores a 3.1.10 y 3.2 versiones anteriores a 3.2.4 permite a los visitantes autentificados ejecutar c\u00f3digo arbitrario en el servidor host porque var_memotri se maneja de forma inadecuada." 
} ], "id": "CVE-2019-11071", "lastModified": "2024-11-21T04:20:28.973", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-04-10T21:29:01.730", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-10-et-SPIP-3-2-4.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/spip/SPIP/commit/3ef87c525bc0768c926646f999a54222b37b5d36" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/spip/SPIP/commit/824d17f424bf77d17af89c18c3dc807a3199567e" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/spip/SPIP/compare/1e3872c...9861a47" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4536-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"https://www.debian.org/security/2019/dsa-4429" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-10-et-SPIP-3-2-4.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/spip/SPIP/commit/3ef87c525bc0768c926646f999a54222b37b5d36" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/spip/SPIP/commit/824d17f424bf77d17af89c18c3dc807a3199567e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/spip/SPIP/compare/1e3872c...9861a47" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4536-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4429" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-12-17 05:15
Modified
2024-11-21 04:35
Summary
_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database.
Impacted products
Vendor | Product | Version
---|---|---
spip | spip | *
debian | debian_linux | 9.0
debian | debian_linux | 10.0
canonical | ubuntu_linux | 18.04
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D11B44A-CE84-4875-A67D-0EC750365214", "versionEndExcluding": "3.2.7", "versionStartIncluding": "3.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database." }, { "lang": "es", "value": "El archivo _core_/plugins/medias en SPIP versiones 3.2.x anteriores a la versi\u00f3n 3.2.7, permite a autores autenticados remotos inyectar contenido de la base de datos." 
} ], "id": "CVE-2019-19830", "lastModified": "2024-11-21T04:35:28.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-12-17T05:15:14.603", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-sortie-de-SPIP-3-2-7-SPIP-3-1-12.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://git.spip.net/SPIP/spip/commit/8eb11ba132b92696eb34d606d71aa8edf40e0f69" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4536-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4583" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://zone.spip.net/trac/spip-zone/changeset/118898/spip-zone/_core_/plugins/medias" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-sortie-de-SPIP-3-2-7-SPIP-3-1-12.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://git.spip.net/SPIP/spip/commit/8eb11ba132b92696eb34d606d71aa8edf40e0f69" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4536-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4583" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://zone.spip.net/trac/spip-zone/changeset/118898/spip-zone/_core_/plugins/medias" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-01-02 18:11
Modified
2024-11-21 00:54
Summary
Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors.
Impacted products
Vendor | Product | Version
---|---|---
spip | spip | 1.8
spip | spip | 1.8.1
spip | spip | 1.8.2
spip | spip | 1.8.2b
spip | spip | 1.8.3
spip | spip | 1.8b1
spip | spip | 1.8b2
spip | spip | 1.8b3
spip | spip | 1.8b4
spip | spip | 1.8b5
spip | spip | 1.8b6
spip | spip | 1.9.0
spip | spip | 1.9.1
spip | spip | 1.9.1
spip | spip | 1.9.2
spip | spip | 1.9.2f
spip | spip | 2.0.0
spip | spip | 2.0.1
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:spip:spip:1.8:*:*:*:*:*:*:*", "matchCriteriaId": "B513AF43-AFCA-494C-A3D0-A35F3214CE62", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C4AC748-27C3-4FEC-A3C0-CF68B7D5DA4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "91DEC874-206B-4C45-92F5-C6C650F92782", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:1.8.2b:*:*:*:*:*:*:*", "matchCriteriaId": "0A738F49-1968-4748-A48D-7D493BD09313", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "2258E6D1-B11D-4902-98D2-FC8330BE175D", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:1.8b1:*:*:*:*:*:*:*", "matchCriteriaId": "233CD17B-7CA9-4169-85CC-D44C2783A274", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:1.8b2:*:*:*:*:*:*:*", "matchCriteriaId": "C1F0B947-DA3E-4394-A2B4-240B9792BA9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:1.8b3:*:*:*:*:*:*:*", "matchCriteriaId": "D4FBAA9E-2DD6-4FCC-AD97-CF666DB1B6EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:1.8b4:*:*:*:*:*:*:*", "matchCriteriaId": "D11D5EC5-EB3F-4517-90E4-FE4B0B6526A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:1.8b5:*:*:*:*:*:*:*", "matchCriteriaId": "537F4814-914D-4493-98FB-F5F21B385F8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:1.8b6:*:*:*:*:*:*:*", "matchCriteriaId": "8E128150-5AF1-45EF-8A6F-6709671F22D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "87EF9B63-0BB2-425A-8A81-1264BD28DB5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:1.9.1:rev7385:*:*:*:*:*:*", "matchCriteriaId": "FDBAD023-85A7-4B75-90EA-7C174F746050", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:1.9.1:rev7502:*:*:*:*:*:*", "matchCriteriaId": "82D6BD57-507A-4131-9D50-7F76BB9C5DC7", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:spip:spip:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BCB6E24-EA9D-46C4-B128-310DFEB22D50", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:1.9.2f:*:*:*:*:*:*:*", "matchCriteriaId": "D95CA7C1-F894-4530-B3D4-44002F387453", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DF1BEB1-2CCB-47F6-8EFB-E4F9AA6A4ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5698E04-FD77-45A1-8FBE-200897595CB1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades no especificadas en SPIP v1.8 anteriores a v1.8.3b, 1.9 anteriores a v1.9.2g y v2.0 anteriores a v2.0.2 tienen un impacto y vectores de ataque desconocidos." 
} ], "id": "CVE-2008-5812", "lastModified": "2024-11-21T00:54:57.613", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-01-02T18:11:09.577", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/33307" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/33061" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47695" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/33307" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/33061" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47695" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-07-09 17:55
Modified
2024-11-21 01:51
Summary
SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and "take editorial control" via vectors related to ecrire/inc/filtres.php.
Impacted products
Vendor | Product | Version
---|---|---
spip | spip | 3.0.0
spip | spip | 3.0.1
spip | spip | 3.0.2
spip | spip | 3.0.3
spip | spip | 3.0.4
spip | spip | 3.0.5
spip | spip | 3.0.6
spip | spip | 3.0.7
spip | spip | 3.0.8
spip | spip | 2.1.1
spip | spip | 2.1.2
spip | spip | 2.1.3
spip | spip | 2.1.4
spip | spip | 2.1.5
spip | spip | 2.1.6
spip | spip | 2.1.7
spip | spip | 2.1.8
spip | spip | 2.1.9
spip | spip | 2.1.10
spip | spip | 2.1.11
spip | spip | 2.1.12
spip | spip | 2.1.13
spip | spip | 2.1.14
spip | spip | 2.1.15
spip | spip | 2.1.16
spip | spip | 2.1.17
spip | spip | 2.1.18
spip | spip | 2.1.19
spip | spip | 2.1.20
spip | spip | 2.1.21
spip | spip | 2.0.0
spip | spip | 2.0.1
spip | spip | 2.0.2
spip | spip | 2.0.3
spip | spip | 2.0.4
spip | spip | 2.0.5
spip | spip | 2.0.6
spip | spip | 2.0.7
spip | spip | 2.0.8
spip | spip | 2.0.9
spip | spip | 2.0.10
spip | spip | 2.0.11
spip | spip | 2.0.12
spip | spip | 2.0.13
spip | spip | 2.0.14
spip | spip | 2.0.15
spip | spip | 2.0.16
spip | spip | 2.0.17
spip | spip | 2.0.18
spip | spip | 2.0.19
spip | spip | 2.0.20
spip | spip | 2.0.21
spip | spip | 2.0.22
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:spip:spip:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEACDF93-E23D-4DD8-8404-1A9FF6E30AD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F4037A30-ECB1-4416-B2C4-11C74C862922", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0940E772-693A-4C37-843D-26FE94F2A872", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "12D453E4-AD84-499D-AC00-16B609F4B2ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D991DBB-7AD1-4BEA-B18F-078D23EAFA36", "vulnerable": true }, { "criteria": "cpe:2.3:a:spip:spip:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "3D5309CE-6C06-45F2-9C13-F1A4926D480E", "vulnerable": true }, {