Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-7998Improper Input Validation in Spip

CWE-20Improper Input ValidationCWE-352Cross-Site Request Forgery10 documents5 sources
Severity
8.8HIGHNVD
EPSS
23.2%
top 4.05%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
SpipDebian Spip
Timeline
PublishedJan 18
Latest updateMay 17

Description

The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

debiandebian/spip< spip 3.1.3-1 (bullseye)
Debianspip/spip< 3.1.3-1+2
NVDspip/spip3.1.2

Patches

Patch: www.openwall.comPatch: www.openwall.comPatch: core.spip.net

🔴Vulnerability Details

4
GHSA
GHSA-q539-39f7-xr44: The SPIP template composer/compiler in SPIP 32022-05-17
GHSA
GHSA-7w5f-5r8v-pff6: Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml2022-05-17
OSV
CVE-2016-7998: The SPIP template composer/compiler in SPIP 32017-01-18
OSV
CVE-2016-7980: Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml2017-01-18

💥Exploits & PoCs

2
Exploit-DB
SPIP 3.1.2 - Cross-Site Request Forgery2016-10-20
Exploit-DB
SPIP 3.1.2 Template Compiler/Composer - PHP Code Execution2016-10-20

📋Vendor Advisories

2
Debian
CVE-2016-7998: spip - The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote auth...2016
Debian
CVE-2016-7980: spip - Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php i...2016
CVE-2016-7998 — Improper Input Validation in Spip | cvebase