CVE-2009-3041

Published: 1 September 2009

SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009.

Priority

Status

Package	Release	Status
spip Launchpad, Ubuntu, Debian	dapper	Ignored (end of life)
	hardy	Does not exist
	intrepid	Does not exist
	jaunty	Does not exist
	karmic	Ignored (end of life)
	lucid	Not vulnerable (2.0.9-1)
	maverick	Not vulnerable (2.0.9-1)
	natty	Not vulnerable (2.0.9-1)
	upstream	Needs triage

References

http://www.spip-contrib.net/SPIP-Security-Alert-new-version
https://www.cve.org/CVERecord?id=CVE-2009-3041
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.