Описание
The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-apps/bionic | needed | |
| esm-apps/focal | needed | |
| esm-apps/jammy | needed | |
| esm-apps/noble | needed | |
| esm-apps/xenial | needed | |
| focal | ignored | end of standard support, was needed |
| jammy | needed | |
| noble | needed | |
| oracular | not-affected |
Показывать по
9.8 Critical
CVSS3
Связанные уязвимости
The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.
The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4. ...
The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.
Уязвимость плагина porte_plume системы управления контентом SPIP, позволяющая нарушителю выполнить произвольный код
9.8 Critical
CVSS3