we track for your security since 1999

vulnerabilities

The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.

recent vulnerabilities

tracked products

RSS feed

vulnerability

vulnerability announce 11817

SPIP: disclosure of the database name

Synthesis of the vulnerability

An attacker can generate an error in SPIP, in order to obtain the database name.
Impacted products: SPIP.
Severity: 1/4.
Creation date: 02/08/2012.
Identifiers: VIGILANCE-VUL-11817.

Description of the vulnerability

The SPIP service supports MySQL and SQLite databases.

The traite_query() function of the ecrire/req/mysql.php file changes the name of SQL tables. The sqlite_traiter_requete() function of the ecrire/req/sqlite_generique.php file converts SQL queries to the SQLite format.

Both functions extract text strings located inside queries, before processing the query, and then reinjects strings. However, if a SQL query contains a nested "SELECT" field, the substitution is not correctly done.

An attacker can therefore generate an error in SPIP, in order to obtain the database name.
Complete Vigil@nce bulletin.... (free access)

Share this bulletin

Computer vulnerabilities tracking service

Vigil@nce provides a computer vulnerability database. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The technology watch team tracks security threats targeting the computer system. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.