VDB
CVE-2016-7998
CVE-2016-7998
PUBLISHED
The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action.
EPSS 23.15% · 96.0th percentile
Risk Scores
EPSS Score
23.15%
96.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | spip | 0, 3.0.20-1, 3.0.21-1 |
Exploit Intelligence
- CIRCL exploited: CVE-2016-7998 (circl-sighting)
- https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-template-compiler-composer-php-code-execution-cve-2016-7998/ (circl)
- https://core.spip.net/projects/spip/repository/revisions/23192 (circl)
- https://core.spip.net/projects/spip/repository/revisions/23186 (circl)
- [oss-security] 20161007 Re: SPIP vulnerabilities: request for 5 CVE (circl)
- [oss-security] 20161008 Re: SPIP vulnerabilities: request for 5 CVE (circl)
- 93451 (circl)
- [oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE (circl)
- https://core.spip.net/projects/spip/repository/revisions/23189 (circl)
- SPIP 3.1.2 Template Compiler / Composer PHP Code Execution (0day-today)
…and 3 more exploits
Timeline
- Oct 20, 2016 PoC Published
- Oct 20, 2016 PoC Published
- Jan 18, 2017 CVE Published
- May 24, 2017 CVE Updated
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2016-7998 third-party-advisory
- http://www.openwall.com/lists/oss-security/2016/10/12/9 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2016-7998 third-party-advisory