SPIP prior to 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
spip spip 4.2.0 |
||
spip spip |
||
debian debian linux 11.0 |