CVE-2009-3041

Name of the Vulnerable Software and Affected Versions: SPIP versions 1.9 through 1.9.2h SPIP versions 2.0.x through 2.0.8

Description: The issue is related to improper access control for certain PHP files, specifically "ecrire/exec/install.php" and "ecrire/index.php". This allows remote attackers to perform unauthorized actions, including those related to installation and backups. There have been reports of this issue being exploited in the wild.

Recommendations: For SPIP versions 1.9 through 1.9.2h, update to version 1.9.2i or later. For SPIP versions 2.0.x through 2.0.8, update to a version later than 2.0.8.