FixVibe
Covered by FixVibe (severity: high)


SPIP versions 3.1.2 and earlier contain a vulnerability in the template composer. Authenticated attackers can upload HTML files with crafted INCLUDE or INCLURE tags to execute arbitrary PHP code on the server.

CVE-2016-7998 | CWE-20

Impact

An authenticated attacker can execute arbitrary PHP code on the underlying web server [S1]. This allows for complete system compromise, including data exfiltration, modification of site content, and lateral movement within the hosting environment [S1].

Root Cause

The vulnerability exists in the SPIP template composer and compiler components [S1]. The system fails to properly validate or sanitize input within specific template tags when processing uploaded files [S1]. Specifically, the compiler incorrectly handles crafted INCLUDE or INCLURE tags inside HTML files [S1]. When an attacker accesses these uploaded files through the valider_xml action, the malicious tags are processed, leading to PHP code execution [S1].

Affected Versions

  • SPIP versions 3.1.2 and all prior versions [S1].

Remediation

Update SPIP to a version newer than 3.1.2 to address this vulnerability [S1]. Ensure that file upload permissions are strictly restricted to trusted administrative users and that uploaded files are not stored in directories where the web server can execute them as scripts [S1].

How FixVibe tests for it

FixVibe could detect this vulnerability through two primary methods:

  • Passive Fingerprinting: By analyzing HTTP response headers or specific meta tags in the HTML source, FixVibe can identify the running version of SPIP [S1]. If the version is 3.1.2 or lower, it would trigger a high-severity alert [S1].
  • Repository Scanning: For users who connect their GitHub repositories, FixVibe's repo scanner can inspect dependency files or version-defining constants in the SPIP source code to identify vulnerable installations [S1].
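The version check behind both methods can be sketched as follows. This is an added example, not FixVibe's scanner code. It assumes SPIP exposes its version in a `Composed-By` response header, a `generator` meta tag, or the `$spip_version_branche` assignment in `ecrire/inc_version.php`; the page does not name these markers, and all sample inputs are constructed.

```python
import re

LAST_AFFECTED = (3, 1, 2)  # from the page: 3.1.2 and all prior versions

# Assumed version markers (not listed on the page): Composed-By header,
# generator meta tag, and $spip_version_branche in ecrire/inc_version.php.
VERSION = r"(\d+(?:\.\d+)*)"
MARKERS = {
    "header": re.compile(r"^Composed-By:\s*SPIP\s+" + VERSION, re.I | re.M),
    "meta": re.compile(
        r"<meta\s+name=[\"']generator[\"']\s+content=[\"']SPIP\s+" + VERSION, re.I),
    "source": re.compile(r"\$spip_version_branche\s*=\s*[\"']" + VERSION),
}

def find_spip_version(blob):
    """Return (marker_kind, version_tuple), or None if no marker is present."""
    for kind, pattern in MARKERS.items():
        match = pattern.search(blob)
        if match:
            return kind, tuple(int(p) for p in match.group(1).split("."))
    return None

def assess(blob):
    """Classify a response or source file against the affected range."""
    found = find_spip_version(blob)
    if found is None:
        return "unknown"          # version hidden or not a SPIP site
    _, version = found
    # A truncated version such as "3.1" could be 3.1.0 or a fixed 3.1.x release.
    if len(version) < 3 and version == LAST_AFFECTED[:len(version)]:
        return "inconclusive"
    padded = (version + (0, 0, 0))[:3]
    return "vulnerable" if padded <= LAST_AFFECTED else "not-affected"

# Constructed samples: an HTTP response, an HTML fragment, a PHP source line.
SAMPLES = {
    "old_header": "HTTP/1.1 200 OK\r\nComposed-By: SPIP 3.1.1 @ www.spip.net\r\n\r\n",
    "new_meta": '<meta name="generator" content="SPIP 3.2.19 [24473]" />',
    "old_source": '$spip_version_branche = "3.0.17";',
    "branch_only": "Composed-By: SPIP 3.1 @ www.spip.net",
    "no_marker": "HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n",
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(name, assess(sample))
```

A result of `inconclusive` or `unknown` means the passive check cannot decide and the installed version should be confirmed from the source tree.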