CVE-2013-4557
Published: 2013-11-18
Priority: P2 · 65 · high · CVSS 2.0: 7.5
Exploit: available
EPSS: 25.29% (97.7th percentile)

The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter.
Affected (16 ranges)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | spip | < spip 2.1.24-1 (bullseye) | spip 2.1.24-1 (bullseye) |
| spip | spip | — | — |
| spip | spip | >= 0 < 2.1.24-1 | 2.1.24-1 |
Detection & IOCs (extracted from sources)

- Monitor HTTP requests targeting ecran_securite.php with a suspicious or PHP-injected `connect` parameter value; unauthenticated exploitation is possible.
- Exploitation has been confirmed on SPIP versions 2.0.11 and 2.0.20 running on Apache (Ubuntu, Fedora, Windows Server); alert on requests to SPIP endpoints from these version ranges.
- Flag SPIP installations running branches 2.0 (< 2.0.21), 2.1 (< 2.1.16), and 3.0 (< 3.0.3 / < 3.0.12) as vulnerable to this injection vector.
- The Metasploit module targets multiple SPIP branches (2.0, 2.1, 3.x); ensure detection rules account for all affected version ranges and not just the 3.0.x cited in the CVE description.
- The CVE description references ecran_securite.php < 1.1.8 and SPIP 3.0.x < 3.0.12, while the Metasploit module cites < 3.0.3 as the upper bound for branch 3; note this version-boundary discrepancy when scoping detections.
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
Debian

CVE-2013-4557: spip - The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, ...
vendor_debian · 2013 · CVSS 7.5 · HIGH

The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter.

Scope: local
bullseye: resolved (fixed in 2.1.24-1)
forky: resolved (fixed in 2.1.24-1)
sid: resolved (fixed in 2.1.24-1)
trixie: resolved (fixed in 2.1.24-1)
GHSA

GHSA-p3c2-jj59-pgg6 (CVE-2013-4557)
ghsa_unreviewed · 2022-05-17 · HIGH · CWE-94

The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter.
OSV

CVE-2013-4557
osv · 2013-11-18 · CVSS 7.5 · HIGH

The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter.
No detection rules found.
No writeups or analysis indexed.
References

- http://secunia.com/advisories/55551
- http://www.openwall.com/lists/oss-security/2013/11/10/4
- http://www.securitytracker.com/id/1029317
- http://www.spip.net/fr_article5646.html
- http://www.spip.net/fr_article5648.html
- http://zone.spip.org/trac/spip-zone/changeset/75105/_core_/securite/ecran_securite.php
- https://www.debian.org/security/2013/dsa-2794