Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-v7f1-2tph-eud8
Vulnerability ID VCID-v7f1-2tph-eud8
Aliases CVE-2013-4557
Summary several
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.69494 https://api.first.org/data/v1/epss?cve=CVE-2013-4557
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2013-4557
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4555
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4556
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4557
729172 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729172
Data source Metasploit
Description This module exploits a PHP code injection vulnerability in SPIP. The vulnerability exists in the connect parameter, allowing an unauthenticated user to execute arbitrary commands with web user privileges. Branches 2.0, 2.1, and 3 are affected. Vulnerable versions are < 2.0.21, < 2.1.16, and < 3.0.3. This module is compatible with both Unix/Linux and Windows platforms, and has been successfully tested on SPIP 2.0.11 and SPIP 2.0.20 on Apache running on Ubuntu, Fedora, and Windows Server.
Note 
Stability:
  - crash-safe
Reliability:
  - repeatable-session
SideEffects:
  - ioc-in-logs
Ransomware campaign use Unknown
Source publication date July 4, 2012
Platform Linux,PHP,Unix,Windows
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/http/spip_connect_exec.rb
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.98673
EPSS Score 0.69494
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T10:13:06.434533+00:00 Debian Oval Importer Import https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 38.6.0