Vulners
Lucene search
SPIP 3.1.2 Cross Site Request Forgery
🗓️ 19 Oct 2016 00:00:00Reported by Nicolas ChatelainType 
packetstorm🔗 packetstormsecurity.com👁 34 Views
| Reporter | Title | Published | Views | Family All 36 |
|---|---|---|---|---|
 | SPIP 3.1.2 Template Compiler / Composer PHP Code Execution | 20 Oct 201600:00 | – | zdt |
| SPIP 3.1.2 Cross Site Request Forgery Vulnerability | 20 Oct 201600:00 | – | zdt |
 | CVE-2016-7980 | 19 Oct 201620:44 | – | circl |
| CVE-2016-7998 | 19 Oct 201621:12 | – | circl |
 | SPIP Remote Code Execution Vulnerability | 12 Oct 201600:00 | – | cnvd |
| SPIP Security Bypass Vulnerability (CNVD-2016-09664) | 12 Oct 201600:00 | – | cnvd |
 | CVE-2016-7980 | 18 Jan 201717:00 | – | cve |
| CVE-2016-7998 | 18 Jan 201717:00 | – | cve |
 | CVE-2016-7980 | 18 Jan 201717:00 | – | cvelist |
| CVE-2016-7998 | 18 Jan 201717:00 | – | cvelist |
10
`## SPIP 3.1.2 Exec Code Cross-Site Request Forgery (CVE-2016-7980)
### Product Description
SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments and ease of use. It is free software, distributed under the GNU/GPL licence.
### Vulnerability Description
The vulnerable request to `valider_xml` (see: *SPIP 3.1.2 Template Compiler/Composer PHP Code Execution - CVE-2016-7998*) is vulnerable to Cross-Site Request Forgery, allowing the execution of the CVE-2016-7998 attack by tricking an administrator to open the malicious link.
**Access Vector**: remote
**Security Risk**: high
**Vulnerability**: CWE-352
**CVSS Base Score**: 8.3 (High)
**CVE-ID**: CVE-2016-7980
### Proof of Concept
http://spip-dev.srv/ecrire/?exec=valider_xml&var_url=/tmp/directory&ext=html
### Timeline (dd/mm/yyyy)
* 15/09/2016 : Initial discovery
* 26/09/2016 : Contact with SPIP Team
* 27/09/2016 : Answer from SPIP Team, sent advisory details
* 28/09/2016 : Fixes issued for CSRF
* 30/09/2016 : SPIP 3.1.3 Released
### Fixes
* https://core.spip.net/projects/spip/repository/revisions/23200
* https://core.spip.net/projects/spip/repository/revisions/23201
* https://core.spip.net/projects/spip/repository/revisions/23202
### Affected versions
* Version <= 3.1.2
### Credits
* Nicolas CHATELAIN, Sysdream (n.chatelain -at- sysdream -dot- com)
--
SYSDREAM Labs <[email protected]>
GPG :
47D1 E124 C43E F992 2A2E
1551 8EB4 8CD9 D5B2 59A1
* Website: https://sysdream.com/
* Twitter: @sysdream
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
19 Oct 2016 00:00Current
0.6Low risk
Vulners AI Score0.6
EPSS0.23155