CVE-2013-2118

2013-07-0917:55:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

spip

cve-2013-2118

security vulnerability

privilege escalation

6.8 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.3%

JSON

SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and “take editorial control” via vectors related to ecrire/inc/filtres.php.

CPENameOperatorVersion
spip:spipspipeq3.0.3
spip:spipspipeq3.0.8
spip:spipspipeq3.0.4
spip:spipspipeq3.0.7
spip:spipspipeq3.0.5
spip:spipspipeq3.0.2
spip:spipspipeq3.0.0
spip:spipspipeq3.0.6
spip:spipspipeq3.0.1
spip:spipspipeq2.1.15

CPE	Name	Operator	Version
spip:spip	spip	eq	3.0.3
spip:spip	spip	eq	3.0.8
spip:spip	spip	eq	3.0.4
spip:spip	spip	eq	3.0.7
spip:spip	spip	eq	3.0.5
spip:spip	spip	eq	3.0.2
spip:spip	spip	eq	3.0.0
spip:spip	spip	eq	3.0.6
spip:spip	spip	eq	3.0.1
spip:spip	spip	eq	2.1.15