CVE-2016-3154

The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:spip:spip:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.0.9:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.1.7:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.1.15:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.1.17:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.0.19:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.0.12:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.1.16:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.0.13:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.0.10:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.0.21:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.1.14:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.0.14:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.0.13:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.0.16:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.0.14:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.0.20:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.0.17:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.0.15:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.1.8:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.0.10:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.0.19:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.1.19:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.0.16:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.1.18:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.1.13:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.1.10:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.0.18:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.1.12:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.0.22:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.0.17:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.0.15:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.1.9:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.0.11:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.0.20:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:2.1.11:*:*:*:*:*:*:*

Information

Published : 2016-04-08 07:59

Updated : 2016-04-14 14:49


NVD link : CVE-2016-3154

Mitre link : CVE-2016-3154


JSON object : View

CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')

Advertisement

dedicated server usa

Products Affected

spip

  • spip