SPIP 3.1 prior to 3.1.10 and 3.2 prior to 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
spip spip |
||
debian debian linux 9.0 |