Main Vulnerability Database Vulnerabilities #VU42737

Input validation error in SPIP - CVE-2013-2118

Published: July 9, 2013 / Updated: August 11, 2020

Vulnerability identifier: #VU42737

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2013-2118

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vendor: spip.net

Affected software:
SPIP

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and "take editorial control" via vectors related to ecrire/inc/filtres.php.

How to mitigate CVE-2013-2118

Install update from vendor's website.

Sources

http://contrib.spip.net/SPIP-3-0-9-2-1-22-2-0-23-corrections-de-bug-et-faille?lang=fr
http://core.spip.org/projects/spip/repository/revisions/20541
http://www.debian.org/security/2013/dsa-2694
http://www.openwall.com/lists/oss-security/2013/05/27/2

Input validation error in SPIP - CVE-2013-2118

Detailed vulnerability description

How to mitigate CVE-2013-2118

Sources

Please verify you're human