SPIP prior to 3.1.11 and 3.2 prior to 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
spip spip |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |
||
canonical ubuntu linux 18.04 |