CVE-2016-7999

ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.
Configurations

Configuration 1 (hide)

cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-01-18 17:59

Updated : 2024-02-28 15:44


NVD link : CVE-2016-7999

Mitre link : CVE-2016-7999

CVE.ORG link : CVE-2016-7999


JSON object : View

Products Affected

spip

  • spip
CWE
CWE-918

Server-Side Request Forgery (SSRF)