CVE-2016-7980

Name of the Vulnerable Software and Affected Versions SPIP versions 3.1.2 and earlier

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider xml request. This can potentially be combined with another issue to execute arbitrary PHP code.

Recommendations For SPIP versions 3.1.2 and earlier, update to a version later than 3.1.2 to resolve the issue. As a temporary workaround, consider restricting access to the valider xml request to minimize the risk of exploitation.