Spip » Spip : Security Vulnerabilities Published In 2006 (Execute Code)
# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2006-1702 |
|
|
Exec Code File Inclusion |
2006-04-11 |
2018-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter. |
2 |
CVE-2006-0626 |
|
|
Exec Code Sql |
2006-02-09 |
2017-07-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and earlier allows remote attackers to execute arbitrary SQL commands via the file parameter. |
3 |
CVE-2006-0625 |
|
|
Exec Code Dir. Trav. |
2006-02-09 |
2017-07-20 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file parameter to spip_acces_doc.php3. |
4 |
CVE-2006-0517 |
|
|
Exec Code Sql |
2006-02-02 |
2018-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id_forum, (2) id_article, or (3) id_breve parameters to forum.php3; (4) unspecified vectors related to "session handling"; and (5) when posting "petitions". |
Total number of vulnerabilities :
4
Page :
1
(This Page)