CVE-2013-4557
published 2013-11-18


Priority: P2 · 65 · high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 25.29% (97.7th percentile)

The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter.

Affected

16 ranges

Vendor | Product | Version range | Fixed in
debian | spip | < spip 2.1.24-1 (bullseye) | spip 2.1.24-1 (bullseye)
spip | spip | (12 entries, no range listed) |
spip | spip | >= 0 < 2.1.24-1 (3 entries) | 2.1.24-1

Detection & IOCs (extracted from sources)

path: _core_/securite/ecran_securite.php
other: connect parameter PHP injection
  • Monitor HTTP requests targeting ecran_securite.php with a suspicious or PHP-injected `connect` parameter value — unauthenticated exploitation is possible.
  • Exploitation has been confirmed on SPIP versions 2.0.11 and 2.0.20 running on Apache (Ubuntu, Fedora, Windows Server); alert on requests to SPIP endpoints from these version ranges.
  • Flag SPIP installations running branches 2.0 (< 2.0.21), 2.1 (< 2.1.16), and 3.0 (< 3.0.3 / < 3.0.12) as vulnerable targets for this injection vector.
  • The Metasploit module targets multiple SPIP branches (2.0, 2.1, 3.x); ensure detection rules account for all affected version ranges and not just the 3.0.x cited in the CVE description.
  • The CVE description references ecran_securite.php < 1.1.8 and SPIP 3.0.x < 3.0.12, while the Metasploit module cites < 3.0.3 as the upper bound for branch 3; note this version boundary discrepancy when scoping detections.
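
One way to implement the `connect` parameter monitoring described above, as an added example that is not taken from this page or its sources. It assumes combined-format access logs and that a benign `connect` value is a short plain identifier; the function name, the allowlist pattern and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Request line inside a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Assumption: a benign `connect` value is a short plain identifier.
BENIGN_CONNECT_RE = re.compile(r"[A-Za-z0-9_.-]{0,64}")


def suspicious_connect_values(log_lines):
    """Return (line_number, decoded_value) for every request whose `connect`
    query parameter is anything other than a plain identifier."""
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # no parseable request line in this entry
        # Everything after the first "?" is the raw query string.
        query = match.group("target").partition("?")[2]
        # parse_qs percent-decodes values; keep_blank_values keeps "connect=".
        params = parse_qs(query, keep_blank_values=True)
        for value in params.get("connect", []):
            # fullmatch also rejects a decoded trailing newline (%0A).
            if not BENIGN_CONNECT_RE.fullmatch(value):
                hits.append((lineno, value))
    return hits


# Constructed sample log lines (documentation addresses, placeholder payload).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Nov/2013:10:00:01 +0000] "GET /spip.php?page=article&id_article=3 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [18/Nov/2013:10:00:05 +0000] "GET /spip.php?connect=base2&page=sommaire HTTP/1.1" 200 4801',
    '198.51.100.7 - - [18/Nov/2013:10:01:12 +0000] "GET /spip.php?connect=%3C%3FPLACEHOLDER%3F%3E HTTP/1.1" 200 312',
    '198.51.100.7 - - [18/Nov/2013:10:01:15 +0000] "POST /spip.php HTTP/1.1" 200 298',
]

if __name__ == "__main__":
    for lineno, value in suspicious_connect_values(SAMPLE_LOG):
        print(f"line {lineno}: suspicious connect value {value!r}")
```

Access logs record only the query string, so the POST request in the sample is not inspected; covering request bodies needs WAF or application-level logging.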

CVSS provenance

nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P
osv | 7.5 | HIGH
vendor_debian | 7.5 | HIGH