Lucene search

[email protected]CVE-2009-3041

HistorySep 01, 2009 - 6:30 p.m.

CVE-2009-3041

2009-09-0118:30:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2009-3041

spip

security vulnerability

access control

unauthorized activities

installation

backups

nvd

6.9 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.073 Low

EPSS

Percentile

94.0%

JSON

SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009.

CPENameOperatorVersion
spip:spipspipeq1.9.1
spip:spipspipeq1.9
spip:spipspipeq2.0.0
spip:spipspipeq2.0.3
spip:spipspipeq2.0.6
spip:spipspipeq2.0.7
spip:spipspipeq2.0
spip:spipspipeq2.0.8
spip:spipspipeq2.0.2
spip:spipspipeq2.0.5

CPE	Name	Operator	Version
spip:spip	spip	eq	1.9.1
spip:spip	spip	eq	1.9
spip:spip	spip	eq	2.0.0
spip:spip	spip	eq	2.0.3
spip:spip	spip	eq	2.0.6
spip:spip	spip	eq	2.0.7
spip:spip	spip	eq	2.0
spip:spip	spip	eq	2.0.8
spip:spip	spip	eq	2.0.2
spip:spip	spip	eq	2.0.5

Rows per page:

1-10 of 171

References

fil.rezo.net/secu-14346-14350+14354.patch

secunia.com/advisories/36365

www.securityfocus.com/bid/36008

www.spip-contrib.net/SPIP-Security-Alert-new-version

exchange.xforce.ibmcloud.com/vulnerabilities/52381

6.9 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.073 Low

EPSS

Percentile

94.0%

JSON

Related for CVE-2009-3041

dsquare1 prion1 ubuntucve1 debiancve1