CVE-2016-7998: Improper Input Validation

January 18, 2017 (updated May 24, 2017)

The SPIP template composer/compiler in SPIP allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with crafted user input.

References

www.securityfocus.com/bid/93451
core.spip.net/projects/spip/repository/revisions/23186
core.spip.net/projects/spip/repository/revisions/23189
core.spip.net/projects/spip/repository/revisions/23192
nvd.nist.gov/vuln/detail/CVE-2016-7998

Detect and mitigate CVE-2016-7998 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →