Summary
The remote web server has a PHP application that is affected by multiple flaws.
Description
The remote host is running SPIP, an open-source CMS written in PHP.
The remote version of this software is prone to SQL injection and cross-site scripting attacks. An attacker could send a specially crafted URL to modify SQL requests (for example, to obtain the admin password hash) or to execute malicious script code on the remote system.
Solution
Upgrade to SPIP version 1.8.2-g or later.
Severity
Classification
CVE: CVE-2006-0517, CVE-2006-0518, CVE-2006-0519
CVSS Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)