Page 2 of 16 results (0.009 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire. Una vulnerabilidad de inyección PHP en Spip versiones anteriores a v3.2.8, permite a atacantes ejecutar código PHP arbitrario por medio del parámetro _oups en /ecrire • https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4 https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me https://www.root-me.org/fr/Informations/Faiblesses-decouvertes • CWE-116: Improper Encoding or Escaping of Output •

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0

SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code. SPIP versiones anteriores a 3.2.14 y versiones 4.x anteriores a 4.0.5, permite a editores remotos autenticados ejecutar código arbitrario • https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2 https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html https://lists.debian.org/debian-security-announce/2022/msg00060.html •

CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0

SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects. SPIP versiones anteriores a 3.2.14 y versiones 4.x anteriores a 4.0.5, permite el acceso no autenticado a información sobre objetos editoriales • https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2 https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html https://lists.debian.org/debian-security-announce/2022/msg00060.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters. El archivo prive/formulaires/configurer_preferences.php en SPIP versión anterior a 3.2.8, no valida correctamente los parámetros couleur, display, display_navigation, display_outils, imessage y spip_ecran • https://git.spip.net/spip/spip/commit/ae4267eba1022dabc12831ddb021c5d6e09040f8 https://git.spip.net/spip/spip/compare/v3.2.7...v3.2.8 https://lists.debian.org/debian-lts-announce/2020/12/msg00036.html https://www.debian.org/security/2020/dsa-4798 •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database. El archivo _core_/plugins/medias en SPIP versiones 3.2.x anteriores a la versión 3.2.7, permite a autores autenticados remotos inyectar contenido de la base de datos. • https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-sortie-de-SPIP-3-2-7-SPIP-3-1-12.html https://git.spip.net/SPIP/spip/commit/8eb11ba132b92696eb34d606d71aa8edf40e0f69 https://usn.ubuntu.com/4536-1 https://www.debian.org/security/2019/dsa-4583 https://zone.spip.net/trac/spip-zone/changeset/118898/spip-zone/_core_/plugins/medias •