CVE-2016-7980 -- spipID: oval:org.secpod.oval:def:1901156 | Date: (C)2019-03-04 (M)2023-12-20 |
Class: VULNERABILITY | Family: unix |
Cross-site request forgery vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code.
Platform: |
Ubuntu 16.04 |
Ubuntu 14.04 |