CVE-2016-7982

MEDIUM(5.0)

AV:N/AC:L/Au:N/C:P/I:N/A:N

Risk Signal Score22/100 — NIEDRIG

CVSS 5 — Mittel
EPSS 33%

EPSS-Score

33%

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

Technische Schwere

Beschreibung

Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action.

Referenzen

http://www.openwall.com/lists/oss-security/2016/10/05/17
http://www.openwall.com/lists/oss-security/2016/10/06/6
http://www.openwall.com/lists/oss-security/2016/10/12/8
http://www.securityfocus.com/bid/93451
https://core.spip.net/projects/spip/repository/revisions/23200
https://sysdream.com/news/lab/2016-10-19-spip-3-1-1-3-1-2-file-enumeration-path-...
http://www.openwall.com/lists/oss-security/2016/10/05/17
http://www.openwall.com/lists/oss-security/2016/10/06/6
http://www.openwall.com/lists/oss-security/2016/10/12/8
http://www.securityfocus.com/bid/93451