ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.
References
Configurations
History
21 Nov 2024, 02:58
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2016/10/05/17 - Mailing List, Third Party Advisory | |
References | () http://www.openwall.com/lists/oss-security/2016/10/07/5 - Mailing List, Patch, Third Party Advisory | |
References | () http://www.openwall.com/lists/oss-security/2016/10/08/6 - Mailing List, Patch, Third Party Advisory | |
References | () http://www.openwall.com/lists/oss-security/2016/10/12/10 - Mailing List, Third Party Advisory | |
References | () http://www.securityfocus.com/bid/93451 - Third Party Advisory, VDB Entry | |
References | () https://core.spip.net/projects/spip/repository/revisions/23188 - Issue Tracking, Patch, Vendor Advisory | |
References | () https://core.spip.net/projects/spip/repository/revisions/23193 - Issue Tracking, Patch, Vendor Advisory | |
References | () https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-server-side-request-forgery-cve-2016-7999/ - |
Information
Published : 2017-01-18 17:59
Updated : 2024-11-21 02:58
NVD link : CVE-2016-7999
Mitre link : CVE-2016-7999
CVE.ORG link : CVE-2016-7999
JSON object : View
Products Affected
spip
- spip
CWE
CWE-918
Server-Side Request Forgery (SSRF)