SPIP 1.9 prior to 1.9.2i and 2.0.x up to and including 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote malicious users to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
spip spip 2.0.7 |
||
spip spip 2.0.2 |
||
spip spip 2.0.8 |
||
spip spip 1.9.1 |
||
spip spip 1.9 |
||
spip spip 2.0 |
||
spip spip 2.0.6 |
||
spip spip 2.0.5 |
||
spip spip 1.9.2g |
||
spip spip 1.9.2d |
||
spip spip 2.0.0 |
||
spip spip 1.9.2c |
||
spip spip 1.9.alpha1 |
||
spip spip 1.9.2h |
||
spip spip 2.0.4 |
||
spip spip 2.0.3 |
||
spip spip 2.0.1 |