Debian DLA-695-1 : spip security update

Multiple vulnerabilities have been discovered in SPIP, a website engine for publishing written in PHP. CVE-2016-7980 Nicolas Chatelain of Sysdream Labs discovered a cross-site request forgery CSRF vulnerability in the validerxml action of SPIP. This allows remote attackers to make use of potentia...

SPIP 3.1.2 File Enumeration / Path Traversal

SPIP 3.1.1/3.1.2 File Enumeration / Path Traversal CVE-2016-7982 Product Description SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments and ease of use. It is free software, distributed under the GNU/GPL licence. Vulnerability...