Main Vulnerability Database Vulnerabilities #VU43724

#VU43724 Input validation error in SPIP - CVE-2012-4331

Published: August 15, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43724

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2012-4331

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
SPIP

Software vendor:
spip.net

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 have unknown impact and attack vectors that are not related to cross-site scripting (XSS), different vulnerabilities than CVE-2012-2151.

Remediation

Install update from vendor's website.

External links

http://archives.rezo.net/archives/spip-en.mbox/U5QUZ6WJRAJC7H5BR7W5SQG6WCD3PXL7/
http://www.securitytracker.com/id?1026970

#VU43724 Input validation error in SPIP - CVE-2012-4331

Description

Remediation

External links

Please verify you're human