Main Vulnerability Database Vulnerabilities #VU42737

#VU42737 Input validation error in SPIP - CVE-2013-2118

Published: July 9, 2013 / Updated: August 11, 2020

Vulnerability identifier: #VU42737

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2013-2118

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
SPIP

Software vendor:
spip.net

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and "take editorial control" via vectors related to ecrire/inc/filtres.php.

Remediation

Install update from vendor's website.

External links

http://contrib.spip.net/SPIP-3-0-9-2-1-22-2-0-23-corrections-de-bug-et-faille?lang=fr
http://core.spip.org/projects/spip/repository/revisions/20541
http://www.debian.org/security/2013/dsa-2694
http://www.openwall.com/lists/oss-security/2013/05/27/2

#VU42737 Input validation error in SPIP - CVE-2013-2118

Description

Remediation

External links

Please verify you're human