Spip · Spip · CVE-2019-16393
**Name of the Vulnerable Software and Affected Versions**
SPIP versions prior to 3.1.11
SPIP versions prior to 3.2.5
**Description**
The issue is related to the mishandling of redirect URLs in the ecrire/inc/headers.php file, specifically when a %0D, %0A, or %20 character is present. This can lead to a potential redirect to an unreliable site, allowing a remote attacker to compromise data integrity.
**Recommendations**
For SPIP versions prior to 3.1.11, update to version 3.1.11 or later.
For SPIP versions prior to 3.2.5, update to version 3.2.5 or later.