CVE-2009-3041

Published: Sep 1, 2009Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009.

Affected (18)

Products: Spip: Spip

Spip

1 product

Spip

Configuration A

18 vulnerable

Vulnerable Software	Affected Versions
Spip Spip	Version 1.9.1
Spip Spip	Version 1.9.2c
Spip Spip	Version 1.9.2d
Spip Spip	Version 1.9.2g
Spip Spip	Version 1.9.2h
Spip Spip	Version 1.9.alpha1
Spip Spip	Version 1.9
Spip Spip	Version 1.9 alpha2
Spip Spip	Version 2.0.0
Spip Spip	Version 2.0.1
Spip Spip	Version 2.0.2
Spip Spip	Version 2.0.3
Spip Spip	Version 2.0.4
Spip Spip	Version 2.0.5
Spip Spip	Version 2.0.6
Spip Spip	Version 2.0.7
Spip Spip	Version 2.0.8
Spip Spip	Version 2.0 rc1