CVE-2006-0517: SQL Injection in Spip

4 documents, 4 sources
Severity: 7.5 HIGH (NVD)
EPSS: 3.5% (top 12.42%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Feb 2
Latest update: May 1

Description

Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id_forum, (2) id_article, or (3) id_breve parameters to forum.php3; (4) unspecified vectors related to "session handling"; and (5) when posting "petitions".

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (3 packages)

debian | debian/spip | < spip 2.0.6-1 (bullseye)
Debian | spip/spip | < 2.0.6-1+2
NVD | spip/spip | 1.8.2e+1

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-vxvr-qr96-crx5: Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum (2022-05-01)
OSV: CVE-2006-0517: Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum (2006-02-02)

📋 Vendor Advisories (1)

Debian: CVE-2006-0517: spip - Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 ... (2006)