CVE-2019-16391

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions SPIP versions prior to 3.1.11 SPIP versions 3.2 prior to 3.2.5

Description The issue is related to improper authorization in the SPIP content management system. It allows a remote attacker to compromise data integrity. Specifically, the problem is associated with files ecrire/inc/meta.php and ecrire/inc/securiser action.php, enabling authenticated visitors to modify published content and execute other database modifications.

Recommendations For SPIP versions prior to 3.1.11, update to version 3.1.11 or later. For SPIP versions 3.2 prior to 3.2.5, update to version 3.2.5 or later.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

BDU:2019-04675

CVE-2019-16391

DLA-1975-1

DSA-4532-1

USN-4536-1

Affected Products

Spip

Ubuntu

CVE-2019-16391

Weakness Enumeration

Related Identifiers

Affected Products

References · 26