CVE-2017-9736

SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote attacker to cause remote code execution.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:spip:spip:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.1.5:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.1.0:alpha:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.1.0:beta:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.2:alpha-1:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.1.0:rc3:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.2.0:beta2:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.2.0:beta:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.1.0:rc:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.1.0:rc2:*:*:*:*:*:*

Information

Published : 2017-06-17 09:29

Updated : 2017-11-03 18:29


NVD link : CVE-2017-9736

Mitre link : CVE-2017-9736


JSON object : View

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Advertisement

dedicated server usa

Products Affected

spip

  • spip