Zero-day vulnerability in SPIP

Improper access control

The vulnerability was reported by the vendor after a successful compromise of the vendor's website. The attackers hacked the website and were spreading malware.

Vulnerability details

Advisory: SB2009080601 - Improper access control in SPIP

Vulnerable component: SPIP

CVE-ID: CVE-2009-3041

CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

CWE-ID: CWE-284 - Improper Access Control


The vulnerability allows a remote attacker to gain access to the target system.

The weakness exists due to improper access control related to installations and backups. A remote attacker can bypass the implemented security control and compromise a vulnerable website.

Successful exploitation of the vulnerability results in access to the vulnerable system.

Note: the vulnerability was being actively exploited.

Public Exploits: