PT-2006-1683 · Spip · Spip

Published

2006-02-09

Updated

2017-07-20

CVE-2006-0626

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions SPIP versions 1.8.2g and earlier

Description A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the file parameter in the spip acces doc.php3 file.

Recommendations For SPIP versions 1.8.2g and earlier, consider restricting access to the spip acces doc.php3 file until a patch is available. Avoid using the file parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-0626

Affected Products

Spip

PT-2006-1683 · Spip · Spip

CVE-2006-0626

Related Identifiers

Affected Products

References · 13