ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-01-18T17:00:00

Updated: 2024-08-06T02:13:21.810Z

Reserved: 2016-09-09T00:00:00

Link: CVE-2016-7999

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-01-18T17:59:01.107

Modified: 2024-11-21T02:58:52.920

Link: CVE-2016-7999

cve-icon Redhat

No data.