Описание
SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 3.1.4-4~deb9u3build0.18.04.1 |
| devel | not-affected | 3.2.5-1 |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-apps/bionic | released | 3.1.4-4~deb9u3build0.18.04.1 |
| esm-apps/focal | not-affected | 3.2.5-1 |
| esm-apps/jammy | not-affected | 3.2.5-1 |
| esm-apps/noble | not-affected | 3.2.5-1 |
| esm-apps/xenial | needed | |
| esm-infra-legacy/trusty | DNE |
Показывать по
Ссылки на источники
4 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php.
SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors ...
SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php.
Уязвимость системы управления контентом spip, связанная с неправильной авторизацией, позволяющая нарушителю нарушить целостность данных
4 Medium
CVSS2
6.5 Medium
CVSS3