Launchpad.net

CVE 2016-3153

SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function.

See the CVE page on Mitre.org for more details.

References