CVE-2016-3154
Published on: 04/08/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:03 PM UTC
Certain versions of Spip from Spip contain the following vulnerability:
The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.
- CVE-2016-3154 has been assigned by
[email protected] to track the vulnerability - currently rated as - currently rated as CRITICAL severity.
CVSS3 Score: 9.8 - CRITICAL
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|
---|---|---|---|---|
NETWORK | LOW | NONE | NONE | |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
|
UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 7.5 - HIGH
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | LOW | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
PARTIAL | PARTIAL | PARTIAL |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Révision 22903 - Report de r22872 : Fix #3680 : on change le format du contexte ajax pour pouv... - SPIP - SPIP Core (Forge de développement) | core.spip.net text/html |
![]() |
Debian -- Security Information -- DSA-3518-1 spip | www.debian.org Depreciated Link text/html |
![]() |
Mise à jour CRITIQUE de sécurité - Sortie de SPIP 3.1.1, SPIP 3.0.22 et SPIP (...) - SPIP Blog | Patch Vendor Advisory blog.spip.net text/html |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Spip | Spip | 2.0.0 | All | All | All |
Application | Spip | Spip | 2.0.1 | All | All | All |
Application | Spip | Spip | 2.0.10 | All | All | All |
Application | Spip | Spip | 2.0.11 | All | All | All |
Application | Spip | Spip | 2.0.12 | All | All | All |
Application | Spip | Spip | 2.0.13 | All | All | All |
Application | Spip | Spip | 2.0.14 | All | All | All |
Application | Spip | Spip | 2.0.15 | All | All | All |
Application | Spip | Spip | 2.0.16 | All | All | All |
Application | Spip | Spip | 2.0.17 | All | All | All |
Application | Spip | Spip | 2.0.18 | All | All | All |
Application | Spip | Spip | 2.0.19 | All | All | All |
Application | Spip | Spip | 2.0.2 | All | All | All |
Application | Spip | Spip | 2.0.20 | All | All | All |
Application | Spip | Spip | 2.0.21 | All | All | All |
Application | Spip | Spip | 2.0.22 | All | All | All |
Application | Spip | Spip | 2.0.3 | All | All | All |
Application | Spip | Spip | 2.0.4 | All | All | All |
Application | Spip | Spip | 2.0.5 | All | All | All |
Application | Spip | Spip | 2.0.6 | All | All | All |
Application | Spip | Spip | 2.0.7 | All | All | All |
Application | Spip | Spip | 2.0.8 | All | All | All |
Application | Spip | Spip | 2.0.9 | All | All | All |
Application | Spip | Spip | 2.1.1 | All | All | All |
Application | Spip | Spip | 2.1.10 | All | All | All |
Application | Spip | Spip | 2.1.11 | All | All | All |
Application | Spip | Spip | 2.1.12 | All | All | All |
Application | Spip | Spip | 2.1.13 | All | All | All |
Application | Spip | Spip | 2.1.14 | All | All | All |
Application | Spip | Spip | 2.1.15 | All | All | All |
Application | Spip | Spip | 2.1.16 | All | All | All |
Application | Spip | Spip | 2.1.17 | All | All | All |
Application | Spip | Spip | 2.1.18 | All | All | All |
Application | Spip | Spip | 2.1.19 | All | All | All |
Application | Spip | Spip | 2.1.2 | All | All | All |
Application | Spip | Spip | 2.1.3 | All | All | All |
Application | Spip | Spip | 2.1.4 | All | All | All |
Application | Spip | Spip | 2.1.5 | All | All | All |
Application | Spip | Spip | 2.1.6 | All | All | All |
Application | Spip | Spip | 2.1.7 | All | All | All |
Application | Spip | Spip | 2.1.8 | All | All | All |
Application | Spip | Spip | 2.1.9 | All | All | All |
Application | Spip | Spip | 3.0.0 | All | All | All |
Application | Spip | Spip | 3.0.1 | All | All | All |
Application | Spip | Spip | 3.0.10 | All | All | All |
Application | Spip | Spip | 3.0.11 | All | All | All |
Application | Spip | Spip | 3.0.13 | All | All | All |
Application | Spip | Spip | 3.0.14 | All | All | All |
Application | Spip | Spip | 3.0.15 | All | All | All |
Application | Spip | Spip | 3.0.16 | All | All | All |
Application | Spip | Spip | 3.0.17 | All | All | All |
Application | Spip | Spip | 3.0.19 | All | All | All |
Application | Spip | Spip | 3.0.2 | All | All | All |
Application | Spip | Spip | 3.0.20 | All | All | All |
Application | Spip | Spip | 3.0.3 | All | All | All |
Application | Spip | Spip | 3.0.4 | All | All | All |
Application | Spip | Spip | 3.0.5 | All | All | All |
Application | Spip | Spip | 3.0.6 | All | All | All |
Application | Spip | Spip | 3.0.7 | All | All | All |
Application | Spip | Spip | 3.0.8 | All | All | All |
Application | Spip | Spip | 3.0.9 | All | All | All |
Application | Spip | Spip | 3.1.0 | All | All | All |
Application | Spip | Spip | 2.0.0 | All | All | All |
Application | Spip | Spip | 2.0.1 | All | All | All |
Application | Spip | Spip | 2.0.10 | All | All | All |
Application | Spip | Spip | 2.0.11 | All | All | All |
Application | Spip | Spip | 2.0.12 | All | All | All |
Application | Spip | Spip | 2.0.13 | All | All | All |
Application | Spip | Spip | 2.0.14 | All | All | All |
Application | Spip | Spip | 2.0.15 | All | All | All |
Application | Spip | Spip | 2.0.16 | All | All | All |
Application | Spip | Spip | 2.0.17 | All | All | All |
Application | Spip | Spip | 2.0.18 | All | All | All |
Application | Spip | Spip | 2.0.19 | All | All | All |
Application | Spip | Spip | 2.0.2 | All | All | All |
Application | Spip | Spip | 2.0.20 | All | All | All |
Application | Spip | Spip | 2.0.21 | All | All | All |
Application | Spip | Spip | 2.0.22 | All | All | All |
Application | Spip | Spip | 2.0.3 | All | All | All |
Application | Spip | Spip | 2.0.4 | All | All | All |
Application | Spip | Spip | 2.0.5 | All | All | All |
Application | Spip | Spip | 2.0.6 | All | All | All |
Application | Spip | Spip | 2.0.7 | All | All | All |
Application | Spip | Spip | 2.0.8 | All | All | All |
Application | Spip | Spip | 2.0.9 | All | All | All |
Application | Spip | Spip | 2.1.1 | All | All | All |
Application | Spip | Spip | 2.1.10 | All | All | All |
Application | Spip | Spip | 2.1.11 | All | All | All |
Application | Spip | Spip | 2.1.12 | All | All | All |
Application | Spip | Spip | 2.1.13 | All | All | All |
Application | Spip | Spip | 2.1.14 | All | All | All |
Application | Spip | Spip | 2.1.15 | All | All | All |
Application | Spip | Spip | 2.1.16 | All | All | All |
Application | Spip | Spip | 2.1.17 | All | All | All |
Application | Spip | Spip | 2.1.18 | All | All | All |
Application | Spip | Spip | 2.1.19 | All | All | All |
Application | Spip | Spip | 2.1.2 | All | All | All |
Application | Spip | Spip | 2.1.3 | All | All | All |
Application | Spip | Spip | 2.1.4 | All | All | All |
Application | Spip | Spip | 2.1.5 | All | All | All |
Application | Spip | Spip | 2.1.6 | All | All | All |
Application | Spip | Spip | 2.1.7 | All | All | All |
Application | Spip | Spip | 2.1.8 | All | All | All |
Application | Spip | Spip | 2.1.9 | All | All | All |
Application | Spip | Spip | 3.0.0 | All | All | All |
Application | Spip | Spip | 3.0.1 | All | All | All |
Application | Spip | Spip | 3.0.10 | All | All | All |
Application | Spip | Spip | 3.0.11 | All | All | All |
Application | Spip | Spip | 3.0.13 | All | All | All |
Application | Spip | Spip | 3.0.14 | All | All | All |
Application | Spip | Spip | 3.0.15 | All | All | All |
Application | Spip | Spip | 3.0.16 | All | All | All |
Application | Spip | Spip | 3.0.17 | All | All | All |
Application | Spip | Spip | 3.0.19 | All | All | All |
Application | Spip | Spip | 3.0.2 | All | All | All |
Application | Spip | Spip | 3.0.20 | All | All | All |
Application | Spip | Spip | 3.0.3 | All | All | All |
Application | Spip | Spip | 3.0.4 | All | All | All |
Application | Spip | Spip | 3.0.5 | All | All | All |
Application | Spip | Spip | 3.0.6 | All | All | All |
Application | Spip | Spip | 3.0.7 | All | All | All |
Application | Spip | Spip | 3.0.8 | All | All | All |
Application | Spip | Spip | 3.0.9 | All | All | All |
Application | Spip | Spip | 3.1.0 | All | All | All |
- cpe:2.3:a:spip:spip:2.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.1:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.10:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.11:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.12:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.13:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.14:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.15:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.16:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.17:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.18:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.19:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.2:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.20:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.21:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.22:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.3:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.4:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.5:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.6:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.7:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.8:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.9:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.1:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.10:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.11:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.12:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.13:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.14:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.15:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.16:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.17:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.18:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.19:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.2:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.3:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.4:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.5:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.6:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.7:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.8:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.9:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.1:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.10:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.11:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.13:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.14:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.15:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.16:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.17:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.19:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.2:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.20:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.3:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.4:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.5:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.6:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.7:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.8:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.9:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.1.0:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.1:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.10:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.11:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.12:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.13:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.14:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.15:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.16:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.17:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.18:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.19:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.2:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.20:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.21:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.22:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.3:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.4:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.5:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.6:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.7:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.8:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.0.9:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.1:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.10:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.11:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.12:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.13:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.14:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.15:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.16:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.17:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.18:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.19:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.2:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.3:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.4:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.5:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.6:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.7:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.8:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:2.1.9:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.1:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.10:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.11:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.13:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.14:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.15:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.16:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.17:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.19:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.2:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.20:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.3:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.4:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.5:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.6:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.7:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.8:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.0.9:*:*:*:*:*:*:*:
- cpe:2.3:a:spip:spip:3.1.0:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE