#VU40407 Code Injection in Debian Linux and SPIP - CVE-2016-3153
Published: April 8, 2016 / Updated: August 9, 2020
Vulnerability identifier: #VU40407
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-3153
CWE-ID: CWE-94
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Debian Linux
SPIP
Debian Linux
SPIP
Software vendor:
Debian
spip.net
Debian
spip.net
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function.
Remediation
Install update from vendor's website.