1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
Candidate: CVE-2009-3041
PublicDate: 2009-09-01
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3041
http://www.spip-contrib.net/SPIP-Security-Alert-new-version
Description:
SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access
control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which
allows remote attackers to conduct unauthorized activities related to
installation and backups, as exploited in the wild in August 2009.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
Patches_spip:
upstream_spip: needs-triage
dapper_spip: ignored (reached end-of-life)
hardy_spip: DNE
intrepid_spip: DNE
jaunty_spip: DNE
karmic_spip: ignored (reached end-of-life)
lucid_spip: not-affected (2.0.9-1)
maverick_spip: not-affected (2.0.9-1)
natty_spip: not-affected (2.0.9-1)
devel_spip: not-affected (2.0.9-1)
|