Описание
RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| spip | fixed | 4.1.5+dfsg-1 | package |
Примечания
https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-1-5-SPIP-4-0-8-et-SPIP-3-2-16.html
https://spawnzii.github.io/posts/2022/07/how-we-have-pwned-root-me-in-2022/
Связанные уязвимости
CVSS3: 8.8
ubuntu
около 3 лет назад
RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter.
CVSS3: 8.8
nvd
около 3 лет назад
RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter.
CVSS3: 8.8
github
около 3 лет назад
RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via a GET parameter