PHP Object Injection Vulnerability in SPIP Web Publishing System
CVE-2016-3154
9.8CRITICAL
Summary
The encoder_contexte_ajax function in ecrire/inc/filtres.php within certain versions of the SPIP Web Publishing System is susceptible to PHP object injection vulnerabilities. This flaw allows attackers to manipulate serialized objects, potentially executing arbitrary PHP code remotely. Versions prior to 2.1.19, 3.0.22, and 3.1.1 have been identified as vulnerable, necessitating immediate updates to mitigate risks associated with this exploitation potential.
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved