Vulnerabilities > Spip > Spip > 1.8.2d
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-02-09 | CVE-2006-0625 | Remote Command Execution vulnerability in Spip 1.8.2D/1.8.2E/1.8.2G Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file parameter to spip_acces_doc.php3. | 6.4 |