CVE-2023-24258

Опубликовано: 27 фев. 2023

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 9.8

Описание

SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	not-affected	4.2.11+dfsg-1
esm-apps/bionic	released	3.1.4-4~deb9u5ubuntu0.1~esm2
esm-apps/focal	released	3.2.7-1ubuntu0.1+esm2
esm-apps/jammy	needed
esm-apps/noble	not-affected
esm-apps/xenial	needed
focal	ignored	end of standard support, was needed
jammy	needed
kinetic	ignored	end of life, was needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 73%

0.00745

Низкий

9.8 Critical

CVSS3

Связанные уязвимости

CVE-2023-24258

CVSS3: 9.8

nvd

почти 3 года назад

SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request.

CVE-2023-24258

CVSS3: 9.8

debian

почти 3 года назад

SPIP v4.1.5 and earlier was discovered to contain a SQL injection vuln ...

GHSA-9xqm-m59j-x893

CVSS3: 9.8

github

почти 3 года назад

SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request.

EPSS

Процентиль: 73%

0.00745

Низкий

9.8 Critical

CVSS3

CVE-2023-24258

Описание

Пакет spip

Ссылки на источники

Связанные уязвимости