VYPR
Critical severity9.8NVD Advisory· Published Jun 17, 2017· Updated Jun 17, 2026

CVE-2017-9736

CVE-2017-9736

Description

SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote attacker to cause remote code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

15
  • Spip/Spip15 versions
    cpe:2.3:a:spip:spip:3.1.0:*:*:*:*:*:*:*+ 14 more
    • cpe:2.3:a:spip:spip:3.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:3.1.0:alpha:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:3.1.0:beta:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:3.1.0:rc:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:3.1.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:3.1.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:3.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:3.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:3.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:3.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:3.2.0:beta:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:3.2.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:3.2:alpha-1:*:*:*:*:*:*
    • (no CPE)range: <3.1.6, <3.2 Beta 3

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.