Spip · Spip · CVE-2009-3041
Name of the Vulnerable Software and Affected Versions:
SPIP versions 1.9 through 1.9.2h
SPIP versions 2.0.x through 2.0.8
Description:
The issue is related to improper access control for certain PHP files, specifically "ecrire/exec/install.php" and "ecrire/index.php". This allows remote attackers to perform unauthorized actions, including those related to installation and backups. There have been reports of this issue being exploited in the wild.
Recommendations:
For SPIP versions 1.9 through 1.9.2h, update to version 1.9.2i or later.
For SPIP versions 2.0.x through 2.0.8, update to a version later than 2.0.8.