Lucene search

CVE-2013-4557

🗓️ 18 Nov 2013 02:08:55Reported by redhatType

cve🔗 web.nvd.nist.gov👁 46 Views🌐 WEB

Security Screen allows remote code execution in SPIP before 3.0.1

Reporter	Title	Published	Views	Family All 11
Prion	Code injection	18 Nov 201302:55	–	prion
Debian CVE	CVE-2013-4557	18 Nov 201302:55	–	debiancve
NVD	CVE-2013-4557	18 Nov 201302:55	–	nvd
UbuntuCve	CVE-2013-4557	18 Nov 201300:00	–	ubuntucve
Dsquare	SPIP ecran_securite connect Parameter RCE	27 Dec 201300:00	–	dsquare
Cvelist	CVE-2013-4557	15 Nov 201318:16	–	cvelist
d2	DSquare Exploit Pack: D2SEC_SPIP_RCE_2	18 Nov 201302:55	–	d2
OpenVAS	Debian Security Advisory DSA 2794-1 (spip - several vulnerabilities)	10 Nov 201300:00	–	openvas
OpenVAS	Debian: Security Advisory (DSA-2794-1)	9 Nov 201300:00	–	openvas
OpenVAS	SPIP 'connect' Parameter PHP Code Injection Vulnerability	29 Aug 201300:00	–	openvas

Nvd

Node

spip spipMatch3.0.0

spip spipMatch3.0.1

spip spipMatch3.0.2

spip spipMatch3.0.3

spip spipMatch3.0.4

spip spipMatch3.0.5

spip spipMatch3.0.6

spip spipMatch3.0.7

spip spipMatch3.0.8

spip spipMatch3.0.9

spip spipMatch3.0.10

spip spipMatch3.0.11

Source	Link
debian	www.debian.org/security/2013/dsa-2794
securitytracker	www.securitytracker.com/id/1029317
spip	www.spip.net/fr_article5646.html
secunia	www.secunia.com/advisories/55551
spip	www.spip.net/fr_article5648.html
zone	www.zone.spip.org/trac/spip-zone/changeset/75105/_core_/securite/ecran_securite.php
openwall	www.openwall.com/lists/oss-security/2013/11/10/4

Parameter	Position	Path	Description	CWE
connect	query param	_core_/securite/ecran_securite.php	Remote Code Execution via connect parameter in SPIP's security screen.	CWE-94

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

18 Nov 2013 02:55Current

7.5High risk

Vulners AI Score7.5

CVSS27.5

EPSS0.03521

CWE-94