vulnerability announce 11817
SPIP: disclosure of the database name
Synthesis of the vulnerability
An attacker can generate an error in SPIP, in order to obtain the database name.Impacted products:
Description of the vulnerability
The SPIP service supports MySQL and SQLite databases.
The traite_query() function of the ecrire/req/mysql.php file changes the name of SQL tables. The sqlite_traiter_requete() function of the ecrire/req/sqlite_generique.php file converts SQL queries to the SQLite format.
Both functions extract text strings located inside queries, before processing the query, and then reinjects strings. However, if a SQL query contains a nested "SELECT" field, the substitution is not correctly done.
An attacker can therefore generate an error in SPIP, in order to obtain the database name.Complete Vigil@nce bulletin....
Share this bulletin
Computer vulnerabilities tracking service
Vigil@nce provides a computer vulnerability database
. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The technology watch team tracks security threats targeting the computer system. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.