Описание
SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote attacker to cause remote code execution.
Ссылки
- Vendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:spip:spip:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.1.0:alpha:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.1.0:beta:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.1.0:rc:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.1.0:rc3:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.1.5:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.2:alpha-1:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.2.0:beta:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.2.0:beta2:*:*:*:*:*:*
EPSS
Процентиль: 89%
0.04422
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 9.8
ubuntu
больше 8 лет назад
SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote attacker to cause remote code execution.
CVSS3: 9.8
debian
больше 8 лет назад
SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell ...
CVSS3: 9.8
github
больше 3 лет назад
SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote attacker to cause remote code execution.
EPSS
Процентиль: 89%
0.04422
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-78