SPIP · CVE-2020-28984
Name of the Vulnerable Software and Affected Versions:
SPIP versions prior to 3.2.8
Description:
The vulnerability stems from insufficient validation of request parameters in the prive/formulaires/configurer_preferences.php component of the SPIP content management system. Specifically, the `couleur`, `display`, `display_navigation`, `display_outils`, `imessage`, and `spip_ecran` parameters are not properly validated before use. A remote attacker can exploit this to access confidential data, compromise the integrity of that data, and cause a denial of service.
Recommendations:
For SPIP versions prior to 3.2.8, update to version 3.2.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable prive/formulaires/configurer_preferences.php component until the patch is applied, and avoid using the affected parameters `couleur`, `display`, `display_navigation`, `display_outils`, `imessage`, and `spip_ecran` in that component until the issue is resolved.
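To make the mitigation concrete, here is an added example of server-side allow-list validation for the six preference parameters named above. It is not SPIP's own code or its 3.2.8 fix; the accepted value sets are assumptions chosen for illustration, not SPIP's real option lists.

```php
<?php
// Added example: allow-list validation of the preference parameters named in
// CVE-2020-28984. NOT SPIP's code or its fix; the accepted value sets below
// are assumptions for demonstration only.

/**
 * Validate submitted preferences against an allow-list and return only
 * values that passed. Unknown keys are dropped, bad values are rejected.
 *
 * @param array $input Raw request parameters (e.g. $_POST).
 * @return array{ok: bool, values: array, errors: array}
 */
function validate_preferences(array $input): array
{
    // Assumed allow-lists (illustrative, not SPIP's actual option sets).
    $allowed = [
        'couleur'            => ['1', '2', '3', '4', '5', '6', '7', '8'],
        'display'            => ['icones_texte', 'texte', 'icones'],
        'display_navigation' => ['avec_icones', 'sans_icones'],
        'display_outils'     => ['oui', 'non'],
        'imessage'           => ['oui', 'non'],
        'spip_ecran'         => ['etroit', 'large'],
    ];

    $values = [];
    $errors = [];

    foreach ($allowed as $key => $options) {
        if (!array_key_exists($key, $input)) {
            continue; // optional: leave the stored preference untouched
        }
        $raw = $input[$key];
        // Every preference here is a scalar choice: reject arrays/objects and
        // anything not in the allow-list (strict comparison, no coercion).
        if (!is_string($raw) || !in_array($raw, $options, true)) {
            $errors[$key] = 'value not in allow-list';
            continue;
        }
        $values[$key] = $raw;
    }

    // Keys outside the allow-list are never persisted.
    return ['ok' => $errors === [], 'values' => $values, 'errors' => $errors];
}

// Constructed sample request: two valid choices and one out-of-range value.
$sample = ['couleur' => '3', 'display' => 'texte', 'spip_ecran' => 'very_wide'];
var_dump(validate_preferences($sample));
```

The handler should persist `values` only when `ok` is true and re-render the form with `errors` otherwise, so a rejected parameter never reaches storage or output.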