Date: Wed, 12 Oct 2016 15:26:23 +0200 From: Sysdream Labs <labs@...dream.com> To: oss-security@...ts.openwall.com Cc: fulldisclosure@...lists.org, spip-team-owner@...o.net Subject: CVE-2016-7980: SPIP 3.1.2 Exec Code Cross-Site Request Forgery ## SPIP 3.1.2 Exec Code Cross-Site Request Forgery (CVE-2016-7980) ### Product Description SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments and ease of use. It is free software, distributed under the GNU/GPL licence. ### Vulnerability Description The vulnerable request to `valider_xml` (see: *SPIP 3.1.2 Template Compiler/Composer PHP Code Execution - CVE-2016-7998*) is vulnerable to Cross-Site Request Forgery, allowing the execution of the CVE-2016-7998 attack by tricking an administrator to open the malicious link. **Access Vector**: remote **Security Risk**: high **Vulnerability**: CWE-352 **CVSS Base Score**: 8.3 (High) **CVE-ID**: CVE-2016-7980 ### Proof of Concept http://spip-dev.srv/ecrire/?exec=valider_xml&var_url=/tmp/directory&ext=html ### Timeline (dd/mm/yyyy) * 15/09/2016 : Initial discovery * 26/09/2016 : Contact with SPIP Team * 27/09/2016 : Answer from SPIP Team, sent advisory details * 28/09/2016 : Fixes issued for CSRF * 30/09/2016 : SPIP 3.1.3 Released ### Fixes * https://core.spip.net/projects/spip/repository/revisions/23200 * https://core.spip.net/projects/spip/repository/revisions/23201 * https://core.spip.net/projects/spip/repository/revisions/23202 ### Affected versions * Version <= 3.1.2 ### Credits * Nicolas CHATELAIN, Sysdream (n.chatelain -at- sysdream -dot- com) -- SYSDREAM Labs <labs@...dream.com> GPG : 47D1 E124 C43E F992 2A2E 1551 8EB4 8CD9 D5B2 59A1 * Website: https://sysdream.com/ * Twitter: @sysdream Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.