CVE-2016-7982: Path Traversal

January 18, 2017 (updated May 24, 2017)

Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action.

References

www.securityfocus.com/bid/93451
core.spip.net/projects/spip/repository/revisions/23200
nvd.nist.gov/vuln/detail/CVE-2016-7982

Detect and mitigate CVE-2016-7982 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →