Candidate: CVE-2009-3041
PublicDate: 2009-09-01 18:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3041
 http://www.spip-contrib.net/SPIP-Security-Alert-new-version
Description:
 SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access
 control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which
 allows remote attackers to conduct unauthorized activities related to
 installation and backups, as exploited in the wild in August 2009.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_spip:
upstream_spip: needs-triage
dapper_spip: ignored (reached end-of-life)
hardy_spip: DNE
intrepid_spip: DNE
jaunty_spip: DNE
karmic_spip: ignored (reached end-of-life)
lucid_spip: not-affected (2.0.9-1)
maverick_spip: not-affected (2.0.9-1)
natty_spip: not-affected (2.0.9-1)
devel_spip: not-affected (2.0.9-1)