CVE-2007-4525
EPSS 0.93%
Description
PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelette_cache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party researchers, stating that the squelette_cache variable is initialized before use, and is only used within the scope of a function.
How to fix CVE-2007-4525
To remediate CVE-2007-4525, upgrade the affected package to one of the fixed versions listed below.
- Debian/spip: upgrade to 2.0.6-1 or later
Is CVE-2007-4525 being exploited?
Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.0.6-1