// For flags

CVE-2016-7980

SPIP 3.1.2 - Cross-Site Request Forgery

Severity Score

8.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code.

Vulnerabilidad de CSRF en ecrire/exec/valider_xml.php en SPIP 3.1.2 y versiones anteriores permite a atacantes remotos secuestrar la autenticación de los administradores de las solicitudes que ejecutan el validador XML en un archivo local a través de una solicitud valider_xml manipulada. NOTA: este problema se puede combinar con CVE-2016-7998 para ejecutar código PHP arbitrario.

SPIP versions 3.1.2 and below suffer from a cross site request forgery vulnerability.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-09-09 CVE Reserved
  • 2016-10-19 CVE Published
  • 2016-10-20 First Exploit
  • 2023-03-07 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Spip
Search vendor "Spip"
Spip
Search vendor "Spip" for product "Spip"
<= 3.1.2
Search vendor "Spip" for product "Spip" and version " <= 3.1.2"
-
Affected