KEVIntel
CVSS 7.5 (High)

CVE-2009-3041

PUBLISHED

Not yet in CISA KEV

Exploited in the wild · Remote · Low complexity
Vendor: SPIP
Product: SPIP
Published: Sep 01, 2009

Description

SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009.

php

CVSS Scores

CVSS v2.0 7.5 High

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitation Status

Exploited in the wild

Recorded 2009-09-01 18:04:00 UTC · CVE

Known Exploited Vulnerability Sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CVE First 2009-09-01 18:04 UTC

Timeline

  • Added to KEVIntel

  • CVE Published to Public

  • CVE ID Reserved