{"id":"CVE-2016-3154","details":"The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.","modified":"2026-03-13T22:21:36.234096Z","published":"2016-04-08T14:59:04.707Z","references":[{"type":"WEB","url":"https://core.spip.net/projects/spip/repository/revisions/22903"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3518"},{"type":"FIX","url":"https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-1-SPIP-3-0-22-et-SPIP-2-1.html?lang=fr"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3154.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.2"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.4"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.5"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.6"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.7"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.8"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.9"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.10"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.11"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.12"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.13"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.14"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.15"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.16"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.17"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.18"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.19"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.20"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.21"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.22"}]},{"events":[{"introduced":"0"},{"last_affected":"2.1.1"}]},{"events":[{"introduced":"0"},{"last_affected":"2.1.2"}]},{"events":[{"introduced":"0"},{"last_affected":"2.1.3"}]},{"events":[{"introduced":"0"},{"last_affected":"2.1.4"}]},{"events":[{"introduced":"0"},{"last_affected":"2.1.5"}]},{"events":[{"introduced":"0"},{"last_affected":"2.1.6"}]},{"events":[{"introduced":"0"},{"last_affected":"2.1.7"}]},{"events":[{"introduced":"0"},{"last_affected":"2.1.8"}]},{"events":[{"introduced":"0"},{"last_affected":"2.1.9"}]},{"events":[{"introduced":"0"},{"last_affected":"2.1.10"}]},{"events":[{"introduced":"0"},{"last_affected":"2.1.11"}]},{"events":[{"introduced":"0"},{"last_affected":"2.1.12"}]},{"events":[{"introduced":"0"},{"last_affected":"2.1.13"}]},{"events":[{"introduced":"0"},{"last_affected":"2.1.14"}]},{"events":[{"introduced":"0"},{"last_affected":"2.1.15"}]},{"events":[{"introduced":"0"},{"last_affected":"2.1.16"}]},{"events":[{"introduced":"0"},{"last_affected":"2.1.17"}]},{"events":[{"introduced":"0"},{"last_affected":"2.1.18"}]},{"events":[{"introduced":"0"},{"last_affected":"2.1.19"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.2"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.4"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.5"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.6"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.7"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.8"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.9"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.10"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.11"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.13"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.14"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.15"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.16"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.17"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.19"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.20"}]},{"events":[{"introduced":"0"},{"last_affected":"3.1.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}