PT-2019-5067 · Spip+1 · Spip+1
Guillaume Fahrner
·
Publicado
2019-04-10
·
Atualizado
2020-09-28
·
CVE-2019-11071
CVSS v2.0
9.0
Alta
| Vetor | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
SPIP versions 3.1 through 3.1.9
SPIP versions 3.2 through 3.2.3
Description
The issue is related to insufficient input validation in the content management system, allowing an attacker to execute arbitrary code. This can be exploited by authenticated visitors, potentially leading to the execution of arbitrary code on the host server due to the mishandling of
var memotri.Recommendations
For SPIP versions 3.1 through 3.1.9, update to version 3.1.10 or later.
For SPIP versions 3.2 through 3.2.3, update to version 3.2.4 or later.
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Spip
Ubuntu