Test ID:	1.3.6.1.4.1.25623.1.0.809305
Category:	Web application abuses
Title:	SPIP < 3.1.3 Multiple Vulnerabilities
Summary:	SPIP is prone to multiple vulnerabilities.
Description:	Summary: SPIP is prone to multiple vulnerabilities. Vulnerability Insight: SPIP is prone to multiple vulnerabilities: - The SPIP template composer/compiler does not correctly handle SPIP 'INCLUDE/INCLURE' tags. - The 'var_url' parameter of the 'valider_xml' file is not correctly sanitized. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server, trick an administrator to open the malicious link, retrieve arbitrary files, bypass security restrictions and possibly have other unknown impact on the target system. Affected Software/OS: SPIP version prior to 3.1.3. Solution: Update to version 3.1.3 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-7998 BugTraq ID: 93451 http://www.securityfocus.com/bid/93451 https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-template-compiler-composer-php-code-execution-cve-2016-7998/ http://www.openwall.com/lists/oss-security/2016/10/05/17 http://www.openwall.com/lists/oss-security/2016/10/07/5 http://www.openwall.com/lists/oss-security/2016/10/08/6 Common Vulnerability Exposure (CVE) ID: CVE-2016-7999 https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-server-side-request-forgery-cve-2016-7999/ http://www.openwall.com/lists/oss-security/2016/10/12/10 Common Vulnerability Exposure (CVE) ID: CVE-2016-7982 https://sysdream.com/news/lab/2016-10-19-spip-3-1-1-3-1-2-file-enumeration-path-traversal-cve-2016-7982/ http://www.openwall.com/lists/oss-security/2016/10/06/6 http://www.openwall.com/lists/oss-security/2016/10/12/8 Common Vulnerability Exposure (CVE) ID: CVE-2016-7980 https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-exec-code-cross-site-request-forgery-cve-2016-7980/ http://www.openwall.com/lists/oss-security/2016/10/12/6 Common Vulnerability Exposure (CVE) ID: CVE-2016-7981 http://www.openwall.com/lists/oss-security/2016/10/12/7
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.