Lucene search
HistoryNov 18, 2013 - 2:55 a.m.
CVE-2013-4557
security
screen
remote code execution
spip
3.0.12
cve-2013-4557
nvd
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.5 High
AI Score
Confidence
Low
0.024 Low
EPSS
Percentile
89.9%
The Security Screen (core/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter.
Affected configurations
Node
spipspipMatch3.0.0
ORspipspipMatch3.0.1
ORspipspipMatch3.0.2
ORspipspipMatch3.0.3
ORspipspipMatch3.0.4
ORspipspipMatch3.0.5
ORspipspipMatch3.0.6
ORspipspipMatch3.0.7
ORspipspipMatch3.0.8
ORspipspipMatch3.0.9
ORspipspipMatch3.0.10
ORspipspipMatch3.0.11
References
Related
prion
prion
Code injection
2013-11-18 02:55:00
debiancve
debiancve
CVE-2013-4557
2013-11-18 02:55:08
nvd
nvd
CVE-2013-4557
2013-11-18 02:55:08
ubuntucve
ubuntucve
CVE-2013-4557
2013-11-18 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_SPIP_RCE_2
2013-11-18 02:55:00
cvelist
cvelist
CVE-2013-4557
2013-11-15 18:16:00
dsquare
dsquare
SPIP ecran_securite connect Parameter RCE
2013-12-27 00:00:00
openvas
openvas
Debian Security Advisory DSA 2794-1 (spip - several vulnerabilities)
2013-11-10 00:00:00
Debian: Security Advisory (DSA-2794-1)
2013-11-09 00:00:00
SPIP 'connect' Parameter PHP Code Injection Vulnerability
2013-08-29 00:00:00
nessus
nessus
Debian DSA-2794-1 : spip - several vulnerabilities
2013-11-21 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.5 High
AI Score
Confidence
Low
0.024 Low
EPSS
Percentile
89.9%
Related for CVE-2013-4557