PT-2026-26961 · Spip · Spip
Published
2026-03-22
·
Updated
2026-03-22
·
CVE-2026-33549
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SPIP versions 4.4.10 through 4.4.12
Description
The software contains a flaw that can lead to unintended privilege assignment, specifically granting administrator privileges during the editing of author data. This occurs due to improper handling of the
STATUT variable.Recommendations
Update to version 4.4.13 or later.
Fix
LPE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Spip