Fluid Attacks Database

Description

PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelette_cache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party researchers, stating that the squelette_cache variable is initialized before use, and is only used within the scope of a function

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	spip	>=0 <2.0.6-1	2.0.6-1
debian 13	spip	>=0 <2.0.6-1	2.0.6-1
debian 14	spip	>=0 <2.0.6-1	2.0.6-1

Aliases

1. CVE-2007-45252. NVD-2007-45253. OSV-DEBIAN-2007-45254. OSV-2007-45255. SECURITY-TRACKER-CVE-2007-4525

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.