Vulnerability Description
The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Spip | Spip | 2.0.0 |
Related Weaknesses (CWE)
References
- http://www.debian.org/security/2016/dsa-3518
- https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-1-SPIP (Patch, Vendor Advisory)
- https://core.spip.net/projects/spip/repository/revisions/22903
FAQ
What is CVE-2016-3154?
CVE-2016-3154 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and ...
How severe is CVE-2016-3154?
CVE-2016-3154 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-3154?
Check the references section above for vendor advisories and patch information. Affected products include: Spip Spip.