668
VMScore

CVE-2016-3153

Published: 08/04/2016 Updated: 14/04/2016
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SPIP 2.x prior to 2.1.19, 3.0.x prior to 3.0.22, and 3.1.x prior to 3.1.1 allows remote malicious users to execute arbitrary PHP code by adding content, related to the filtrer_entites function.

Vulnerable Product Search on Vulmon Subscribe to Product

debian debian linux 7.0

debian debian linux 8.0

spip spip 2.0.0

spip spip 2.0.1

spip spip 2.0.2

spip spip 2.0.3

spip spip 2.0.4

spip spip 2.0.5

spip spip 2.0.6

spip spip 2.0.7

spip spip 2.0.8

spip spip 2.0.9

spip spip 2.0.10

spip spip 2.0.11

spip spip 2.0.12

spip spip 2.0.13

spip spip 2.0.14

spip spip 2.0.15

spip spip 2.0.16

spip spip 2.0.17

spip spip 2.0.18

spip spip 2.0.19

spip spip 2.0.20

spip spip 2.0.21

spip spip 2.0.22

spip spip 2.1.1

spip spip 2.1.2

spip spip 2.1.3

spip spip 2.1.4

spip spip 2.1.5

spip spip 2.1.6

spip spip 2.1.7

spip spip 2.1.8

spip spip 2.1.9

spip spip 2.1.10

spip spip 2.1.11

spip spip 2.1.12

spip spip 2.1.13

spip spip 2.1.14

spip spip 2.1.15

spip spip 2.1.16

spip spip 2.1.17

spip spip 2.1.18

spip spip 3.0.0

spip spip 3.0.1

spip spip 3.0.2

spip spip 3.0.3

spip spip 3.0.4

spip spip 3.0.5

spip spip 3.0.6

spip spip 3.0.7

spip spip 3.0.8

spip spip 3.0.9

spip spip 3.0.10

spip spip 3.0.11

spip spip 3.0.13

spip spip 3.0.14

spip spip 3.0.15

spip spip 3.0.16

spip spip 3.0.17

spip spip 3.0.19

spip spip 3.0.20

spip spip 3.1.0

Vendor Advisories

Several vulnerabilities were found in SPIP, a website engine for publishing, resulting in code injection CVE-2016-3153 g0uZ et sambecks, from team root-me, discovered that arbitrary PHP code could be injected when adding content CVE-2016-3154 Gilles Vincent discovered that deserializing untrusted content could result in arbitrary ...