18 Jan 2017
CVE-2016-7980 - CVE Vulnerability
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code. (CVSS:0.0) (Last Update:2017-01-18)
Vulnerability Details : Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code. Publish Date : 2017-01-18 Last Update Date : 2017-01-18 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2016-7980
- References For CVE-2016-7980
| |||||||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2016-7980There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |