CVE-2013-4557

Name of the Vulnerable Software and Affected Versions SPIP versions 3.0.x prior to 3.0.12 SPIP Security Screen ( core /securite/ecran securite.php) version prior to 1.1.8

Description The issue allows remote attackers to execute arbitrary PHP code. This is achieved via the connect parameter in the Security Screen component of SPIP.

Recommendations For SPIP versions 3.0.x prior to 3.0.12, update to version 3.0.12 or later. For SPIP Security Screen ( core /securite/ecran securite.php) version prior to 1.1.8, update to version 1.1.8 or later. As a temporary workaround, consider restricting access to the Security Screen component until a patch is applied.