CVE-2019-19830
Ubuntu Security Notice USN-4536-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database.
El archivo _core_/plugins/medias en SPIP versiones 3.2.x anteriores a la versiĆ³n 3.2.7, permite a autores autenticados remotos inyectar contenido de la base de datos.
Youssouf Boulouiz discovered that SPIP incorrectly handled login error messages. A remote attacker could potentially exploit this to conduct cross-site scripting attacks. Gilles Vincent discovered that SPIP incorrectly handled password reset requests. A remote attacker could possibly use this issue to cause SPIP to enumerate registered users. Guillaume Fahrner discovered that SPIP did not properly sanitize input. A remote authenticated attacker could possibly use this issue to execute arbitrary code on the host server. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-12-17 CVE Reserved
- 2019-12-17 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://zone.spip.net/trac/spip-zone/changeset/118898/spip-zone/_core_/plugins/medias | Broken Link |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://git.spip.net/SPIP/spip/commit/8eb11ba132b92696eb34d606d71aa8edf40e0f69 | 2022-05-03 |
| URL | Date | SRC |
|---|---|---|
| https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-sortie-de-SPIP-3-2-7-SPIP-3-1-12.html | 2022-05-03 | |
| https://usn.ubuntu.com/4536-1 | 2022-05-03 | |
| https://www.debian.org/security/2019/dsa-4583 | 2022-05-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Spip Search vendor "Spip" | Spip Search vendor "Spip" for product "Spip" | >= 3.2.0 < 3.2.7 Search vendor "Spip" for product "Spip" and version " >= 3.2.0 < 3.2.7" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||