Published: 17/09/2019 Updated: 28/09/2020
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Vulnerability Summary

SPIP prior to 3.1.11 and 3.2 prior to 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php.

Vulnerable Product

spip spip

Vendor Advisories

It was discovered that SPIP, a website engine for publishing, would allow unauthenticated users to modify published content and write to the database, perform cross-site request forgeries, and enumerate registered users. For the oldstable distribution (stretch), these problems have been fixed in version 314-4~deb9u3. For the stable distribution ( ...

Mailing Lists

Debian Security Advisory DSA-4532-1 security () debian org www.debian.org/security/ Sebastien Delafond September 25, 2019 www.debian.org/security/faq ...