Fluid Attacks Database

Description

SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	spip/spip	>=2.0.0 <=2.0.22 \|\| >=2.1.1 <=2.1.18 \|\| >=3.0.0 <=3.0.11 \|\| >=3.0.13 <=3.0.17 \|\| >=3.0.19 <=3.0.20 \|\| =3.1.0	3.1.10
debian 11	spip	>=0 <3.0.22-1	3.0.22-1
debian 13	spip	>=0 <3.0.22-1	3.0.22-1
debian 14	spip	>=0 <3.0.22-1	3.0.22-1

Aliases

1. CVE-2016-31532. NVD-2016-31533. OSV-2016-31534. OSV-DEBIAN-2016-31535. GCVE-2016-31536. SECURITY-TRACKER-CVE-2016-3153

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.