CVE-2016-7980

moderate-risk
Published 2017-01-18

Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code.

Do I need to act?

-
0.55% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
40597
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Spip

References (16)

Mailing List http://www.openwall.com/lists/oss-security/2016/10/05/17
Mailing List http://www.openwall.com/lists/oss-security/2016/10/06/6
Mailing List http://www.openwall.com/lists/oss-security/2016/10/12/6
http://www.securityfocus.com/bid/93451
Issue Tracking https://core.spip.net/projects/spip/repository/revisions/23201
Issue Tracking https://core.spip.net/projects/spip/repository/revisions/23202
Issue Tracking https://core.spip.net/projects/spip/repository/revisions/23203
https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-exec-code-cross-site-request...
Mailing List http://www.openwall.com/lists/oss-security/2016/10/05/17
Mailing List http://www.openwall.com/lists/oss-security/2016/10/06/6
Mailing List http://www.openwall.com/lists/oss-security/2016/10/12/6
http://www.securityfocus.com/bid/93451
Issue Tracking https://core.spip.net/projects/spip/repository/revisions/23201
Issue Tracking https://core.spip.net/projects/spip/repository/revisions/23202
Issue Tracking https://core.spip.net/projects/spip/repository/revisions/23203
https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-exec-code-cross-site-request...
44
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 9/34 · Low
Exposure 5/34 · Minimal