Arbitrary PHP Code Execution in SPIP Versions 2.x, 3.0.x, and 3.1.x

Arbitrary PHP Code Execution in SPIP Versions 2.x, 3.0.x, and 3.1.x

CVE-2016-3153 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function.

Learn more about our Web Application Penetration Testing UK.