Posted by Sysdream Labs on Oct 19

## SPIP 3.1.2 Exec Code Cross-Site Request Forgery (CVE-2016-7980)

### Product Description

SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments
and ease of use. It is free software, distributed under the GNU/GPL licence.

### Vulnerability Description

The vulnerable request to `valider_xml` (see: *SPIP 3.1.2 Template Compiler/Composer PHP Code Execution –
CVE-2016-7998*) is…