Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-1702Code Injection in Spip

CWE-94Code Injection9 documents5 sources
Severity
7.5HIGHNVD
EPSS
2.1%
top 15.96%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
SpipDebian Spip
Timeline
PublishedApr 11
Latest updateMay 1

Description

PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

debiandebian/spip< spip 2.0.6-1 (bullseye)
Debianspip/spip< 2.0.6-1+2
NVDspip/spip1.7.2, 1.8.3+1

🔴Vulnerability Details

4
GHSA
GHSA-36wc-4rp7-pvp7: PHP remote file inclusion vulnerability in spip_login2022-05-01
GHSA
GHSA-9gw3-6jgp-vr97: ** DISPUTED ** PHP remote file inclusion vulnerability in inc-calcul2022-05-01
OSV
CVE-2007-4525: PHP remote file inclusion vulnerability in inc-calcul2007-08-25
OSV
CVE-2006-1702: PHP remote file inclusion vulnerability in spip_login2006-04-11

💥Exploits & PoCs

1
Exploit-DB
SPIP 1.8.3 - 'Spip_login.php' Remote File Inclusion2006-04-10

📋Vendor Advisories

2
Debian
CVE-2007-4525: spip - PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows ...2007
Debian
CVE-2006-1702: spip - PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows ...2006
CVE-2006-1702 — Code Injection in Debian Spip | cvebase