Date: Tue, 1 Sep 2009 13:46:46 -0400 (EDT)
From: "Steven M. Christey" <>
Subject: Re: CVE id request: spip

Name: CVE-2009-3041
Status: Candidate
Reference: MISC:
Reference: CONFIRM:
Reference: BID:36008
Reference: URL:
Reference: SECUNIA:36365
Reference: URL:
Reference: XF:spip-unspecified-unauth-access(52381)
Reference: URL:

SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper
access control for (1) ecrire/exec/install.php and (2)
ecrire/index.php, which allows remote attackers to conduct
unauthorized activities related to installation and backups, as
exploited in the wild in August 2009.
