CVE-2016-7999

ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*

Information

Published : 2017-01-18 09:59

Updated : 2017-05-23 18:29


NVD link : CVE-2016-7999

Mitre link : CVE-2016-7999


JSON object : View

CWE
CWE-918

Server-Side Request Forgery (SSRF)

Advertisement

dedicated server usa

Products Affected

spip

  • spip