Debian Spip vulnerabilities

CVE-2016-3154 [CRITICAL] CVE-2016-3154: spip - The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before ... The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object. Scope: local bullseye: resolved (fixed in 3.0.22-1) forky: resolved (fixed in 3.0.22-1) sid: resolved (fixed

CVE-2016-7998 [HIGH] CVE-2016-7998: spip - The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote auth... The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action. Scope: local bullseye: resolved (fixed in 3.1.3-1) forky: resolved (fixed in 3.1.3-1) sid: resolved (fixed in 3.1.3-1) trixie:

CVE-2016-7999 [HIGH] CVE-2016-7999: spip - ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to... ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action. Scope: local bullseye: resolved (fixed in 3.1.3-1) forky: resolved (fixed in 3.1.3-1) sid: resolved (fixed in 3.1.3-1) trixie: resolved (fixed in 3.1.3-1)

CVE-2016-7982 [HIGH] CVE-2016-7982: spip - Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 a... Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action. Scope: local bullseye: resolved (fixed in 3.1.3-1) forky: resolved (fixed in 3.1.3-1) sid: resolved (fixed in 3.1.3-1) trixie: resolved (fixed in 3.1.3-1)

CVE-2016-7980 [HIGH] CVE-2016-7980: spip - Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php i... Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code. Scope: local bullse

CVE-2016-9152 [MEDIUM] CVE-2016-9152: spip - Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.... Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter. Scope: local bullseye: resolved (fixed in 3.1.4-2) forky: resolved (fixed in 3.1.4-2) sid: resolved (fixed in 3.1.4-2) trixie: resolved (fixed in 3.1.4-2)

CVE-2016-7981 [MEDIUM] CVE-2016-7981: spip - Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and ea... Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action. Scope: local bullseye: resolved (fixed in 3.1.3-1) forky: resolved (fixed in 3.1.3-1) sid: resolved (fixed in 3.1.3-1) trixie: resolved (fixed in 3.1.3-1)

CVE-2016-9998 [MEDIUM] CVE-2016-9998: spip - SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire... SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL. Scope: local bullseye: resolved (fixed in 3.1.4-2) forky: resolved (fixed in 3.1.4-2) sid: resolved (fixed in 3.1.4-2) trixie: resolved (fixed in 3.1.4-2)

CVE-2016-9997 [MEDIUM] CVE-2016-9997: spip - SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrir... SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL. Scope: local bullseye: resolved (fixed in 3.1.4-2) forky: resolved (fixed in 3.1.4-2) sid: resolved (fixed in 3.1.4-2) trixie: resolved (fixed in 3.1.4-2)

CVE-2013-4557 [HIGH] CVE-2013-4557: spip - The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, ... The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter. Scope: local bullseye: resolved (fixed in 2.1.24-1) forky: resolved (fixed in 2.1.24-1) sid: resolved (fixed in 2.1.24-1) trixie: resolved (fixed in 2.1.24-1)

CVE-2013-2118 [HIGH] CVE-2013-2118: spip - SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows rem... SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and "take editorial control" via vectors related to ecrire/inc/filtres.php. Scope: local bullseye: resolved (fixed in 2.1.22-1) forky: resolved (fixed in 2.1.22-1) sid: resolved (fixed in 2.1.22-1) trixie: resolved (fixed in 2.1.22-1)

CVE-2013-4556 [MEDIUM] CVE-2013-4556: spip - Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/e... Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the url_site parameter. Scope: local bullseye: resolved (fixed in 2.1.24-1) forky: resolved (fixed in 2.1.24-1) sid: resolved (fixed in 2.1.24-1) trixie: resolv

CVE-2013-4555 [MEDIUM] CVE-2013-4555: spip - Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout.php in S... Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that logout the user via unspecified vectors. Scope: local bullseye: resolved (fixed in 2.1.24-1) forky: resolved (fixed in 2.1.24-1) sid: resolved (fixed in 2.1.24-1) trixie: resolved (fi

CVE-2013-7303 [MEDIUM] CVE-2013-7303: spip - Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formu... Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field. Scope: local bullseye: resolved (fixed in 3.0.13-1) forky: resolved (fixed in 3.0.13-1) sid: re

CVE-2012-4331 [MEDIUM] CVE-2012-4331: spip - Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x before 2.0.18... Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 have unknown impact and attack vectors that are not related to cross-site scripting (XSS), different vulnerabilities than CVE-2012-2151. Scope: local bullseye: resolved (fixed in 2.1.13-1) forky: resolved (fixed in 2.1.13-1) sid: resolved (fixed in 2.1.13-1) trixie

CVE-2012-2151 [MEDIUM] CVE-2012-2151: spip - Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x before 1.9.2.o... Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Scope: local bullseye: resolved (fixed in 2.1.13-1) forky: resolved (fixed in 2.1.13-1) sid: resolved (fixed in 2.1.13-1) trixie: resolved (fixed in 2.1.13-1

CVE-2009-3041 [HIGH] CVE-2009-3041: spip - SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access contro... SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009. Scope: local bullseye: resolved (fixed in 2.0.9-1) forky: resolved (fixed in 2.0.9-1) sid:

CVE-2008-5812 [CRITICAL] CVE-2008-5812: spip - Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2... Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors. Scope: local bullseye: resolved (fixed in 2.0.6-1) forky: resolved (fixed in 2.0.6-1) sid: resolved (fixed in 2.0.6-1) trixie: resolved (fixed in 2.0.6-1)

CVE-2008-5813 [HIGH] CVE-2008-5813: spip - SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 ... SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information. Scope: local bullseye: resolved (fixed in 2.0.6-1) forky: resolved (fixed in 2.0.6-1) sid: resolved (fixed

CVE-2007-4525 [HIGH] CVE-2007-4525: spip - PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows ... PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelette_cache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party researchers, stating that the squelette_cache variable is initialized before use, and is only used within the sco