Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-177n-axem-mqcx
Vulnerability ID VCID-177n-axem-mqcx
Aliases CVE-2016-7999
Summary ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-918 Server-Side Request Forgery (SSRF)
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00748 https://api.first.org/data/v1/epss?cve=CVE-2016-7999
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2016-7999
https://core.spip.net/projects/spip/repository/revisions/23188
https://core.spip.net/projects/spip/repository/revisions/23193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7999
http://www.securityfocus.com/bid/93451
CVE-2016-7999 https://nvd.nist.gov/vuln/detail/CVE-2016-7999
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.73403
EPSS Score 0.00748
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T13:42:38.658622+00:00 Debian Oval Importer Import https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0