CVE-2019-16391

Name of the Vulnerable Software and Affected Versions SPIP versions prior to 3.1.11 SPIP versions 3.2 prior to 3.2.5

Description The issue is related to improper authorization in the SPIP content management system. It allows a remote attacker to compromise data integrity. Specifically, the problem is associated with files ecrire/inc/meta.php and ecrire/inc/securiser action.php, enabling authenticated visitors to modify published content and execute other database modifications.

Recommendations For SPIP versions prior to 3.1.11, update to version 3.1.11 or later. For SPIP versions 3.2 prior to 3.2.5, update to version 3.2.5 or later.