Описание
SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 4.3.8+dfsg-1 |
| esm-apps/bionic | released | 3.1.4-4~deb9u5ubuntu0.1~esm2 |
| esm-apps/focal | released | 3.2.7-1ubuntu0.1+esm2 |
| esm-apps/jammy | needed | |
| esm-apps/noble | needed | |
| esm-apps/xenial | needed | |
| focal | ignored | end of standard support, was needed |
| jammy | needed | |
| noble | needed | |
| oracular | released | 4.3.1+dfsg-1ubuntu0.1 |
Показывать по
Ссылки на источники
EPSS
9.8 Critical
CVSS3
Связанные уязвимости
SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.
SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command inje ...
SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.
EPSS
9.8 Critical
CVSS3