CVE-2016-3153

Опубликовано: 08 апр. 2016

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:spip:spip:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.0.5:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.0.6:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.0.7:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.0.8:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.0.9:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.0.10:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.0.11:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.0.12:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.0.13:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.0.14:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.0.15:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.0.16:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.0.17:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.0.18:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.0.19:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.0.20:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.0.21:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.0.22:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.1.3:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.1.4:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.1.5:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.1.6:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.1.7:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.1.8:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.1.9:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.1.10:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.1.11:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.1.12:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.1.13:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.1.14:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.1.15:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.1.16:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.1.17:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:2.1.18:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:3.0.4:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:3.0.6:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:3.0.7:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:3.0.8:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:3.0.9:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:3.0.10:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:3.0.11:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:3.0.13:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:3.0.14:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:3.0.15:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:3.0.16:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:3.0.17:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:3.0.19:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:3.0.20:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:3.1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 81%

0.01459

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-94

Связанные уязвимости

CVE-2016-3153

CVSS3: 9.8

ubuntu

почти 10 лет назад

SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function.

CVE-2016-3153

CVSS3: 9.8

debian

почти 10 лет назад

SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 al ...

GHSA-59w9-3w7r-f858

CVSS3: 9.8

github

больше 3 лет назад

SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function.

EPSS

Процентиль: 81%

0.01459

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-94