Main Vulnerability Database Vulnerabilities #VU43724

Input validation error in SPIP - CVE-2012-4331

Published: August 15, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43724

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2012-4331

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: spip.net

Affected software:
SPIP

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 have unknown impact and attack vectors that are not related to cross-site scripting (XSS), different vulnerabilities than CVE-2012-2151.

How to mitigate CVE-2012-4331

Install update from vendor's website.

Sources

http://archives.rezo.net/archives/spip-en.mbox/U5QUZ6WJRAJC7H5BR7W5SQG6WCD3PXL7/
http://www.securitytracker.com/id?1026970

Input validation error in SPIP - CVE-2012-4331

Detailed vulnerability description

How to mitigate CVE-2012-4331

Sources

Please verify you're human