Vulnerability Details : CVE-2016-7998
The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action.
Vulnerability category: Input validation
Products affected by CVE-2016-7998
- cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*
Threat overview for CVE-2016-7998
- Top open port discovered on systems with this issue: 80
- IPs affected by CVE-2016-7998: 39
- Threat actors abusing this issue: Yes
Exploit prediction scoring system (EPSS) score for CVE-2016-7998
- EPSS score: 24.74% (probability of exploitation activity in the next 30 days)
- Percentile: ~96% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2016-7998
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | 
8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | 
CWE ids for CVE-2016-7998
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2016-7998
- http://www.openwall.com/lists/oss-security/2016/10/07/5 : oss-security - Re: SPIP vulnerabilities: request for 5 CVE (Mailing List; Patch; Third Party Advisory)
- https://core.spip.net/projects/spip/repository/revisions/23189 : Revision 23189 - Backport of r23186: escape quotes in file names so as not ... - SPIP - SPIP Core (development forge) (Issue Tracking; Patch; Vendor Advisory)
- http://www.securityfocus.com/bid/93451 : SPIP Multiple Security Vulnerabilities (Third Party Advisory; VDB Entry)
- https://core.spip.net/projects/spip/repository/revisions/23186 : Revision 23186 - escape quotes in file names so as not to generate code ... - SPIP - SPIP Core (development forge) (Issue Tracking; Vendor Advisory; Patch)
- http://www.openwall.com/lists/oss-security/2016/10/08/6 : oss-security - Re: SPIP vulnerabilities: request for 5 CVE (Mailing List; Patch; Third Party Advisory)
- https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-template-compiler-composer-php-code-execution-cve-2016-7998/ : Sysdream, SPIP 3.1.2 Template Compiler/Composer PHP Code Execution (CVE-2016-7998)
- http://www.openwall.com/lists/oss-security/2016/10/05/17 : oss-security - SPIP vulnerabilities: request for 5 CVE (Mailing List; Third Party Advisory)
- https://core.spip.net/projects/spip/repository/revisions/23192 : Revision 23192 - Backport of r23186: escape quotes in file names so as not ... - SPIP - SPIP Core (development forge) (Issue Tracking; Patch; Vendor Advisory)