Vulnerability category: CGI
Vulnerability severity:
Vulnerability information
SPIP is a publishing system for the Internet in which great importance is attached to collaborative working, to multilingual environments, and to simplicity of use for web authors. It is free software, distributed under the GNU/GPL licence.
SPIP contains the following remotely exploitable vulnerabilities, which can allow a remote attacker to conduct PHP Code Execution, Cross-Site Request Forgery (CSRF), reflected Cross-Site Scripting (XSS), file enumeration/path traversal or Server Side Request Forgery (SSRF) attacks:
CVE-2016-7980: The valider_xml file is vulnerable to Cross-Site Request Forgery, allowing the execution of the CVE-2016-7998 attack by tricking an administrator into opening a malicious link.
CVE-2016-7981: The var_url parameter of the valider_xml file is not correctly sanitized and can be used to trigger a reflected XSS vulnerability.
CVE-2016-7982: The valider_xml file can be used to enumerate files on the system.
CVE-2016-7998: The SPIP template composer/compiler does not correctly handle SPIP "INCLUDE / INCLUDE" tags, allowing PHP code execution by an authenticated attacker.
CVE-2016-7999: It is feasible to send HTTP/FTP requests using the valider_xml file. Attackers can make it look like the server is sending the request, possibly bypassing access controls such as a firewall.
Affected Versions:
SPIP versions prior to 3.1.3, 3.0.24 and 2.1.29
Impact
Successful exploitation allows a remote attacker to conduct PHP Code Execution, Cross-Site Request Forgery (CSRF), reflected Cross-Site Scripting (XSS), file enumeration/path traversal or Server Side Request Forgery (SSRF) attacks.
Solution
Customers are advised to upgrade to SPIP 3.1.3, 3.0.24, 2.1.29 or later versions to remediate these vulnerabilities.
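The fixed releases are per branch, so a plain "lower than 3.1.3" comparison would wrongly flag a patched 3.0.24 or 2.1.29 site. The following inventory check is an added example, not part of the original advisory or of SPIP. The host names and version strings are constructed, and treating branches older than 2.1 as affected is an assumption based on no fixed release being listed for them.

```python
import re

# Fixed release per branch, taken from the advisory: 3.1.3, 3.0.24, 2.1.29.
FIXED = {(3, 1): 3, (3, 0): 24, (2, 1): 29}


def parse_version(text):
    """Extract (major, minor, patch) from strings such as 'SPIP 3.1.1 [23234]'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def triage(version_text):
    """Return (status, upgrade_target) for one SPIP version string."""
    major, minor, patch = parse_version(version_text)
    branch = (major, minor)
    if branch in FIXED:
        if patch >= FIXED[branch]:
            return ("patched", None)
        return ("affected", f"{major}.{minor}.{FIXED[branch]}")
    if branch > max(FIXED):
        # "or later versions": branches released after 3.1 carry the fixes.
        return ("patched", None)
    if branch < min(FIXED):
        # Assumption: the advisory lists no fix for these branches, so the
        # lowest fixed release is the minimum upgrade target.
        lo = min(FIXED)
        return ("affected", f"{lo[0]}.{lo[1]}.{FIXED[lo]}")
    return ("unknown", None)  # branch not covered by the advisory text


def affected_hosts(inventory):
    """Map each affected host to the release it must reach."""
    result = {}
    for host, banner in inventory.items():
        status, target = triage(banner)
        if status == "affected":
            result[host] = target
    return result


# Constructed inventory for illustration only.
SAMPLE_INVENTORY = {
    "intranet.example": "SPIP 3.1.1 [23234]",
    "blog.example": "SPIP 3.0.24",
    "archive.example": "2.1.28",
    "legacy.example": "SPIP 2.0.10",
}
```
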
Patch:
Following are links for downloading patches to fix the vulnerabilities: