PT-2017-19145 · Spip · Spip

Cerdic

Published

2017-06-17

Updated

2017-11-04

CVE-2017-9736

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SPIP versions 3.1.x through 3.1.5 SPIP versions 3.2.x through Beta 2

Description The issue allows a remote attacker to cause remote code execution due to the failure to remove shell metacharacters from the host field.

Recommendations For SPIP versions 3.1.x through 3.1.5, update to version 3.1.6 or later. For SPIP versions 3.2.x through Beta 2, update to Beta 3 or later.

Fix

RCE

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2017-9736

DSA-3890-1

Affected Products

Spip

PT-2017-19145 · Spip · Spip

CVE-2017-9736

Weakness Enumeration

Related Identifiers

Affected Products

References · 12