SPIP Authorization Check Privilege Escalation Vulnerability
BID:50727
Info
| Bugtraq ID: | 50727 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 18 2011 12:00AM |
| Updated: | Nov 18 2011 12:00AM |
| Credit: | High-Tech Bridge SA Security Research Lab |
| Vulnerable: | SPIP SPIP 2.1, SPIP SPIP 2.0.9, SPIP SPIP 2.0.7, SPIP SPIP 2.0.2, SPIP SPIP 2.1.9, SPIP SPIP 2.1.8, SPIP SPIP 2.1.7, SPIP SPIP 2.1.10, SPIP SPIP 2.0.14, SPIP SPIP 2.0 RC1, SPIP SPIP 2.0 |
| Not Vulnerable: | SPIP SPIP 2.1.12 |
Discussion
SPIP is prone to a remote privilege-escalation vulnerability.
Attackers can exploit this issue to gain administrative access to the affected application. Successful exploits will compromise the application.
Versions prior to SPIP 2.1.12 are vulnerable.
Exploit / POC
An attacker can exploit this issue using a browser.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- SPIP Homepage (SPIP)
- SPIP 1.9.2n, 2.0.17, 2.1.12 disponibles (Spip)