SPIP Multiple Security Vulnerabilities

SPIP is prone to the following security vulnerabilities.

1. A cross-site request forgery vulnerability
2. A cross-site scripting vulnerability
3. A directory-traversal vulnerability
4. A security-bypass vulnerability
5. A remote-code execution vulnerability

An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, retrieve arbitrary files, bypass security restrictions, execute arbitrary code in the context of the application and perform unauthorized actions in the context of the affected application. Other attacks are also possible.

SPIP version 3.1.2 and prior are vulnerable.


Privacy Statement
Copyright 2010, SecurityFocus