755
VMScore

CVE-2013-2118

Published: 09/07/2013 Updated: 11/10/2013
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SPIP 3.0.x prior to 3.0.9, 2.1.x prior to 2.1.22, and 2.0.x prior to 2.0.23 allows remote malicious users to gain privileges and "take editorial control" via vectors related to ecrire/inc/filtres.php.

Vulnerable Product Search on Vulmon Subscribe to Product

spip spip 3.0.0

spip spip 3.0.1

spip spip 3.0.2

spip spip 3.0.3

spip spip 3.0.4

spip spip 3.0.5

spip spip 3.0.6

spip spip 3.0.7

spip spip 3.0.8

spip spip 2.1.1

spip spip 2.1.2

spip spip 2.1.3

spip spip 2.1.4

spip spip 2.1.5

spip spip 2.1.6

spip spip 2.1.7

spip spip 2.1.8

spip spip 2.1.9

spip spip 2.1.10

spip spip 2.1.11

spip spip 2.1.12

spip spip 2.1.13

spip spip 2.1.14

spip spip 2.1.15

spip spip 2.1.16

spip spip 2.1.17

spip spip 2.1.18

spip spip 2.1.19

spip spip 2.1.20

spip spip 2.1.21

spip spip 2.0.0

spip spip 2.0.1

spip spip 2.0.2

spip spip 2.0.3

spip spip 2.0.4

spip spip 2.0.5

spip spip 2.0.6

spip spip 2.0.7

spip spip 2.0.8

spip spip 2.0.9

spip spip 2.0.10

spip spip 2.0.11

spip spip 2.0.12

spip spip 2.0.13

spip spip 2.0.14

spip spip 2.0.15

spip spip 2.0.16

spip spip 2.0.17

spip spip 2.0.18

spip spip 2.0.19

spip spip 2.0.20

spip spip 2.0.21

spip spip 2.0.22

Vendor Advisories

A privilege escalation vulnerability has been found in SPIP, a website engine for publishing, which allows anyone to take control of the website For the oldstable distribution (squeeze), this problem has been fixed in version 211-3squeeze6 For the stable distribution (wheezy), this problem has been fixed in version 2117-1+deb7u1 For the test ...

Exploits

#!/usr/bin/env python # Exploit Title: SPIP - CMS < 309 / 2122 / 2023 - Privilege escalation to administrator account from non authenticated user # Date: 04/30/2014 # Flaw finder : Unknown # Exploit Author: Gregory DRAPERI # Email: gregory |dot| draperi |at| gmail |dot| com # Google Dork : inurl="spipphp" # Vendor Homepage: wwwspipnet # ...

Mailing Lists

SPIP CMS versions 2x and 3x suffer from unauthenticated add administrator and arbitrary file upload vulnerabilities ...