Input validation error in SPIP

#VU43724 Input validation error in SPIP

Published: 2012-08-15 | Updated: 2020-08-11

Vulnerability identifier: #VU43724

Vulnerability risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2012-4331

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
SPIP
Web applications / CMS

Vendor: spip.net

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 have unknown impact and attack vectors that are not related to cross-site scripting (XSS), different vulnerabilities than CVE-2012-2151.

Mitigation
Install update from vendor's website.

Vulnerable software versions

SPIP: 1.9 - 1.9.2, 2.0, 2.1

External links
http://archives.rezo.net/archives/spip-en.mbox/U5QUZ6WJRAJC7H5BR7W5SQG6WCD3PXL7/
http://www.securitytracker.com/id?1026970

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in spip.net SPIP