PT-2022-19328 · Unknown+2 · Spip Web Framework+2
Laluka
+1
·
Published
2020-11-25
·
Updated
2026-04-06
·
CVE-2022-28961
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Spip Web Framework versions v3.1.13 and earlier
Description
The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities are located at the "/ecrire" endpoint via the
lier trad and where parameters.Recommendations
For Spip Web Framework versions v3.1.13 and earlier, update to a version that contains a fix for this issue.
As a temporary workaround, consider restricting access to the "/ecrire" endpoint to minimize the risk of exploitation.
Avoid using the
lier trad and where parameters in the affected endpoint until the issue is resolved.Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linuxmint
Spip Web Framework
Ubuntu