Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-2118 — Spip vulnerability

5 documents5 sources

Severity

7.5HIGHNVD

EPSS

12.0%

top 6.21%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Spip Debian Spip

Timeline

PublishedJul 9

Latest updateMay 17

Description

SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and "take editorial control" via vectors related to ecrire/inc/filtres.php.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/spip< spip 2.1.22-1 (bullseye)

▶Debianspip/spip< 2.1.22-1+2

▶NVDspip/spip53 versions+52

🔴Vulnerability Details

GHSA

GHSA-rvp2-88r9-jj4j: SPIP 3↗2022-05-17

▶

OSV

CVE-2013-2118: SPIP 3↗2013-07-09

▶

💥Exploits & PoCs

Exploit-DB

SPIP CMS < 2.0.23/ 2.1.22/3.0.9 - Privilege Escalation↗2014-05-19

▶

📋Vendor Advisories

Debian

CVE-2013-2118: spip - SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows rem...↗2013

▶