CVE-2016-7980
SPIP 3.1.2 - Cross-Site Request Forgery
Public Exploits: 1
Exploited in Wild: -
Decision
Descriptions
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code.
SPIP versions 3.1.2 and below suffer from a cross site request forgery vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-09-09 CVE Reserved
- 2016-10-19 CVE Published
- 2016-10-20 First Exploit
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2016/10/05/17 | Mailing List | |
http://www.openwall.com/lists/oss-security/2016/10/12/6 | Mailing List | |
http://www.securityfocus.com/bid/93451 | Vdb Entry | |
https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-exec-code-cross-site-request-forgery-cve-2016-7980 | X_refsource_misc | |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/40597 | 2016-10-20 | |