Vulnerability Details CVE-2009-3041
SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.038
EPSS Ranking 87.6%
CVSS Severity
CVSS v2 Score 7.5
References
- http://fil.rezo.net/secu-14346-14350+14354.patch
- http://secunia.com/advisories/36365
- http://www.securityfocus.com/bid/36008
- http://www.spip-contrib.net/SPIP-Security-Alert-new-version
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52381
- http://fil.rezo.net/secu-14346-14350+14354.patch
- http://secunia.com/advisories/36365
- http://www.securityfocus.com/bid/36008
- http://www.spip-contrib.net/SPIP-Security-Alert-new-version
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52381
Products affected by CVE-2009-3041
-
cpe:2.3:a:spip:spip:1.9
-
cpe:2.3:a:spip:spip:1.9.1
-
cpe:2.3:a:spip:spip:1.9.2c
-
cpe:2.3:a:spip:spip:1.9.2d
-
cpe:2.3:a:spip:spip:1.9.2g
-
cpe:2.3:a:spip:spip:1.9.2h
-
cpe:2.3:a:spip:spip:1.9.alpha1
-
cpe:2.3:a:spip:spip:2.0
-
cpe:2.3:a:spip:spip:2.0.0
-
cpe:2.3:a:spip:spip:2.0.1
-
cpe:2.3:a:spip:spip:2.0.2
-
cpe:2.3:a:spip:spip:2.0.3
-
cpe:2.3:a:spip:spip:2.0.4
-
cpe:2.3:a:spip:spip:2.0.5
-
cpe:2.3:a:spip:spip:2.0.6
-
cpe:2.3:a:spip:spip:2.0.7
-
cpe:2.3:a:spip:spip:2.0.8