CVE-2016-7982 — Vulnetix

CVE-2016-7982 PUBLISHED

Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action.

EPSS 32.66% · 97.0th percentile

Risk Scores

EPSS Score

32.66%

97.0th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	spip	0, 3.0.20-1, 3.0.21-1

Exploit Intelligence

CIRCL exploited: CVE-2016-7982 (circl-sighting)
93451 (circl)
https://core.spip.net/projects/spip/repository/revisions/23200 (circl)
[oss-security] 20161006 Re: SPIP vulnerabilities: request for 5 CVE (circl)
[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE (circl)
https://sysdream.com/news/lab/2016-10-19-spip-3-1-1-3-1-2-file-enumeration-path-traversal-cve-2016-7982/ (circl)
[oss-security] 20161012 CVE-2016-7982: SPIP 3.1.1/3.1.2 File Enumeration / Path Traversal (circl)
SPIP 3.1.2 File Enumeration / Path Traversal Vulnerabilities (0day-today)
SPIP 3.1.2 File Enumeration / Path Traversal Vulnerabilities (0day-today)

Timeline

Oct 20, 2016 PoC Published
Oct 20, 2016 PoC Published
Jan 18, 2017 CVE Published
May 24, 2017 CVE Updated
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 3, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
May 25, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2016-7982 third-party-advisory
https://core.spip.net/projects/spip/repository/revisions/23200 third-party-advisory
https://core.spip.net/projects/spip/repository/revisions/23201 third-party-advisory
https://core.spip.net/projects/spip/repository/revisions/23202 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2016-7982 third-party-advisory

Open in Interactive Console →