VYPR
Unrated severityNVD Advisory· Published Sep 1, 2009· Updated Jun 16, 2026

CVE-2009-3041

CVE-2009-3041

Description

SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

19
  • Spip/Spip19 versions
    cpe:2.3:a:spip:spip:1.9:*:*:*:*:*:*:*+ 18 more
    • cpe:2.3:a:spip:spip:1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:1.9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:1.9.2c:*:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:1.9.2d:*:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:1.9.2g:*:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:1.9.2h:*:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:1.9.alpha1:*:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:1.9:alpha2:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:2.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:2.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:2.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:2.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:2.0:rc1:*:*:*:*:*:*
    • (no CPE)range: < 1.9.2i, <= 2.0.8

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.