Lucene search

K

GoogleOSV:CVE-2016-7980

HistoryJan 18, 2017 - 5:59 p.m.

CVE-2016-7980

2017-01-1817:59:00

Google

osv.dev

2

9 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.1%

Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code.

References

www.openwall.com/lists/oss-security/2016/10/05/17

www.openwall.com/lists/oss-security/2016/10/06/6

www.openwall.com/lists/oss-security/2016/10/12/6

www.securityfocus.com/bid/93451

core.spip.net/projects/spip/repository/revisions/23201

core.spip.net/projects/spip/repository/revisions/23202

core.spip.net/projects/spip/repository/revisions/23203

sysdream.com/news/lab/2016-10-19-spip-3-1-2-exec-code-cross-site-request-forgery-cve-2016-7980/

9 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.1%

Related for OSV:CVE-2016-7980

packetstorm2 nvd2 debiancve2 exploitpack2 ubuntucve2 prion2 cvelist2 cve2 exploitdb2 osv2 debian1 openvas2 zdt2 nessus1