SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Spip | Spip | 1.9 (including) | 1.9 (including) |
| Spip | Spip | 1.9-alpha2 (including) | 1.9-alpha2 (including) |
| Spip | Spip | 1.9.1 (including) | 1.9.1 (including) |
| Spip | Spip | 1.9.2c (including) | 1.9.2c (including) |
| Spip | Spip | 1.9.2d (including) | 1.9.2d (including) |
| Spip | Spip | 1.9.2g (including) | 1.9.2g (including) |
| Spip | Spip | 1.9.2h (including) | 1.9.2h (including) |
| Spip | Spip | 1.9.alpha1 (including) | 1.9.alpha1 (including) |
| Spip | Spip | 2.0-rc1 (including) | 2.0-rc1 (including) |
| Spip | Spip | 2.0.0 (including) | 2.0.0 (including) |
| Spip | Spip | 2.0.1 (including) | 2.0.1 (including) |
| Spip | Spip | 2.0.2 (including) | 2.0.2 (including) |
| Spip | Spip | 2.0.3 (including) | 2.0.3 (including) |
| Spip | Spip | 2.0.4 (including) | 2.0.4 (including) |
| Spip | Spip | 2.0.5 (including) | 2.0.5 (including) |
| Spip | Spip | 2.0.6 (including) | 2.0.6 (including) |
| Spip | Spip | 2.0.7 (including) | 2.0.7 (including) |
| Spip | Spip | 2.0.8 (including) | 2.0.8 (including) |
| Spip | Ubuntu | dapper | * |
| Spip | Ubuntu | karmic | * |