What is CVE-2013-4557?

CVE-2013-4557 is a vulnerability in Spip, classified under Code Injection. Published 2013-11-18.

Is CVE-2013-4557 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Spip

CVE-2013-4557

The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.695 (98.7th percentile) — read the EPSS interpretation.

Affected products

Spip — versions 3.0.0, 3.0.1, 3.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

References

DSA-2794 (vendor-advisory, x_refsource_DEBIAN)
secalert@redhat.com (x_refsource_CONFIRM)
1029317 (vdb-entry, x_refsource_SECTRACK)
[oss-security] 20131110 Re: CVE Request: multiple vulnerabilities in spip (mailing-list, x_refsource_MLIST)
55551 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM, Exploit, Patch)

Frequently asked questions

What is CVE-2013-4557?: CVE-2013-4557 is a vulnerability in Spip, classified under Code Injection. Published 2013-11-18.
Is CVE-2013-4557 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.