Fluid Attacks Database

Description

The Security Screen (core/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	spip	>=0 <2.1.24-1	2.1.24-1
debian 13	spip	>=0 <2.1.24-1	2.1.24-1
debian 14	spip	>=0 <2.1.24-1	2.1.24-1

Aliases

1. CVE-2013-45572. NVD-2013-45573. OSV-DEBIAN-2013-45574. OSV-2013-45575. SECURITY-TRACKER-CVE-2013-4557

References

1. https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/spip_connect_exec.rb

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.