First published: Fri Nov 15 2013(Updated: )
The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Spip Spip | =3.0.0 | |
Spip Spip | =3.0.1 | |
Spip Spip | =3.0.2 | |
Spip Spip | =3.0.3 | |
Spip Spip | =3.0.4 | |
Spip Spip | =3.0.5 | |
Spip Spip | =3.0.6 | |
Spip Spip | =3.0.7 | |
Spip Spip | =3.0.8 | |
Spip Spip | =3.0.9 | |
Spip Spip | =3.0.10 | |
Spip Spip | =3.0.11 | |
debian/spip | 3.2.4-1+deb10u9 3.2.4-1+deb10u11 3.2.11-3+deb11u9 3.2.11-3+deb11u7 4.1.9+dfsg-1+deb12u2 4.1.12+dfsg-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.