CVE-2016-7999

🟡 Monitoruj

Podatność w SPIP umożliwia atakującym zdalne przeprowadzenie ataku SSRF.

CVSS

7.4

EPSS

0.8%

Exploit

none

Vendor

spip

Opis źródłowy (NVD)

ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.

ssrf Brak patcha

Źródła i daty

Źródło	Wartość
NVD – CVSS	7.4
CISA KEV (aktywnie wykorzystywane)	Nie
FIRST EPSS (prawdopodobieństwo exploita)	0.8%
Opublikowano (NVD)	2017-01-18 17:59:01 UTC
Ostatnia modyfikacja (NVD)	2026-05-13 00:24:29 UTC

Referencje

http://www.openwall.com/lists/oss-security/2016/10/05/17 (cve@mitre.org) [Mailing List, Third Party Advisory]
http://www.openwall.com/lists/oss-security/2016/10/07/5 (cve@mitre.org) [Mailing List, Patch, Third Party Advisory]
http://www.openwall.com/lists/oss-security/2016/10/08/6 (cve@mitre.org) [Mailing List, Patch, Third Party Advisory]
http://www.openwall.com/lists/oss-security/2016/10/12/10 (cve@mitre.org) [Mailing List, Third Party Advisory]
http://www.securityfocus.com/bid/93451 (cve@mitre.org) [Third Party Advisory, VDB Entry]
https://core.spip.net/projects/spip/repository/revisions/23188 (cve@mitre.org) [Issue Tracking, Patch, Vendor Advisory]
https://core.spip.net/projects/spip/repository/revisions/23193 (cve@mitre.org) [Issue Tracking, Patch, Vendor Advisory]
https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-server-side-request-forgery-cve-2016-7999/ (cve@mitre.org)