Remote Code Execution in SPIP via Template Tags (CVE-2016-7998)

SPIP versions 3.1.2 and earlier contain a vulnerability in the template composer. Authenticated attackers can upload HTML files with crafted INCLUDE or INCLURE tags to execute arbitrary PHP code on the server.

CVE-2016-7998 | CWE-20

Impact

An authenticated attacker can execute arbitrary PHP code on the underlying web server [S1]. This allows for complete system compromise, including data exfiltration, modification of site content, and lateral movement within the hosting environment [S1].

Root Cause

The vulnerability exists in the SPIP template composer and compiler components [S1]. The system fails to properly validate or sanitize input within specific template tags when processing uploaded files [S1]. Specifically, the compiler incorrectly handles crafted INCLUDE or INCLURE tags inside HTML files [S1]. When an attacker accesses these uploaded files through the valider_xml action, the malicious tags are processed, leading to PHP code execution [S1].

Affected Versions

  • SPIP versions 3.1.2 and all prior versions [S1].

Remediation

Update SPIP to a version newer than 3.1.2 to address this vulnerability [S1]. Ensure that file upload permissions are strictly restricted to trusted administrative users and that uploaded files are not stored in directories where the web server can execute them as scripts [S1].

How FixVibe tests for it

FixVibe could detect this vulnerability through two primary methods:

  • Passive Fingerprinting: By analyzing HTTP response headers or specific meta tags in the HTML source, FixVibe can identify the running version of SPIP [S1]. If the version is 3.1.2 or lower, it would trigger a high-severity alert [S1].
  • Repository Scanning: For users who connect their GitHub repositories, FixVibe's repo scanner can inspect dependency files or version-defining constants in the SPIP source code to identify vulnerable installations [S1].
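The two detection methods above, written out as a small version-check script. This is an added example, not FixVibe's scanner and not SPIP project code. It assumes three things the page does not state: that the SPIP version appears in a Composed-By response header, that it also appears in a meta generator tag in the HTML, and that a source checkout defines it in ecrire/inc_version.php as $spip_version_branche. All sample inputs are constructed; the only fact taken from the page is that 3.1.2 and every earlier release is affected.

```python
import re
from pathlib import Path
from typing import Dict, Optional, Tuple

# From the advisory: 3.1.2 and all prior versions are affected.
LAST_VULNERABLE = (3, 1, 2)

# Assumed formats (not quoted from the page): a "Composed-By: SPIP x.y.z ..."
# response header and a <meta name="generator" content="SPIP x.y.z ..."> tag.
HEADER_RE = re.compile(r"SPIP\s+(\d+(?:\.\d+)*)", re.IGNORECASE)
META_RE = re.compile(
    r'<meta\s+name=["\']generator["\']\s+content=["\']SPIP\s+(\d+(?:\.\d+)*)',
    re.IGNORECASE,
)
# Assumed: a checkout carries $spip_version_branche = "x.y.z"; in ecrire/inc_version.php
SOURCE_RE = re.compile(r'\$spip_version_branche\s*=\s*["\'](\d+(?:\.\d+)*)["\']')


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '3.1.2' into (3, 1, 2) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def is_vulnerable(version: str) -> bool:
    """CVE-2016-7998 applies to 3.1.2 and everything older (tuple compare handles 3.1.10 > 3.1.2)."""
    return parse_version(version) <= LAST_VULNERABLE


def version_from_headers(headers: Dict[str, str]) -> Optional[str]:
    """Passive fingerprint, method 1: read the version out of the response headers."""
    for name, value in headers.items():
        if name.lower() == "composed-by":
            match = HEADER_RE.search(value)
            if match:
                return match.group(1)
    return None


def version_from_html(html: str) -> Optional[str]:
    """Passive fingerprint, method 2: read the version out of the generator meta tag."""
    match = META_RE.search(html)
    return match.group(1) if match else None


def version_from_source(inc_version_php: str) -> Optional[str]:
    """Repository scan: read the version constant from the contents of inc_version.php."""
    match = SOURCE_RE.search(inc_version_php)
    return match.group(1) if match else None


def scan_checkout(root: Path) -> Optional[str]:
    """Repository scan over a directory: locate the assumed version file and parse it."""
    candidate = root / "ecrire" / "inc_version.php"
    if not candidate.is_file():
        return None
    return version_from_source(candidate.read_text(encoding="utf-8", errors="replace"))


def assess(version: Optional[str]) -> dict:
    """Map a detected version to the alert the advisory describes (high severity if affected)."""
    if version is None:
        return {"version": None, "vulnerable": None, "severity": "unknown"}
    vulnerable = is_vulnerable(version)
    return {"version": version, "vulnerable": vulnerable, "severity": "high" if vulnerable else "none"}


# Constructed sample inputs, one per detection path.
SAMPLE_HEADERS = {"Server": "Apache", "Composed-By": "SPIP 3.1.2 @ www.spip.net"}
SAMPLE_HTML = '<html><head><meta name="generator" content="SPIP 3.1.3"></head></html>'
SAMPLE_INC_VERSION = '<?php\n$spip_version_branche = "3.0.22";\n'

if __name__ == "__main__":
    for label, version in [
        ("HTTP header", version_from_headers(SAMPLE_HEADERS)),
        ("HTML meta", version_from_html(SAMPLE_HTML)),
        ("source checkout", version_from_source(SAMPLE_INC_VERSION)),
    ]:
        print(f"{label}: {assess(version)}")
```

The three extractors are kept separate so a scanner can report which signal it relied on; a header-only match is weaker evidence than a source checkout, since headers can be stripped or rewritten by a proxy. The numeric tuple comparison matters: a plain string comparison would wrongly flag 3.1.10 as older than 3.1.2.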