CVE-2009-3041

EXPLOITED IN THE WILD

Spip - Access Control

Title source: rule

Description

SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Kernel_Panik · python · webapps · php
https://www.exploit-db.com/exploits/9448

Scores

EPSS 0.0384
EPSS Percentile 88.2%

Details

VulnCheck KEV 2009-08-06
InTheWild.io 2017-08-17
CWE CWE-264
Status published
Products (17)
spip/spip 1.9 (2 CPE variants)
spip/spip 1.9.1
spip/spip 1.9.2c
spip/spip 1.9.2d
spip/spip 1.9.2g
spip/spip 1.9.2h
spip/spip 1.9.alpha1
spip/spip 2.0 rc1
spip/spip 2.0.0
spip/spip 2.0.1
... and 7 more
Published Sep 01, 2009
Tracked Since Feb 18, 2026