CVE-2019-16391 — Spip vulnerability

6 documents5 sources

Severity

6.5MEDIUMNVD

OSV6.1

EPSS

0.9%

top 24.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Spip Debian Spip Canonical Ubuntu Linux +1 more

Timeline

PublishedSep 17

Latest updateMay 24

Description

SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDspip/spip3.2.0 — 3.2.5+1

▶debiandebian/spip< spip 3.2.5-1 (bullseye)

▶Debianspip/spip< 3.2.5-1+2

▶Ubuntuspip/spip< 3.1.4-4~deb9u3build0.18.04.1

Also affects: Debian Linux 10.0, 8.0, 9.0, Ubuntu Linux 18.04

Patches

Patch: blog.spip.net ↗Patch: blog.spip.net ↗Patch: git.spip.net ↗

🔴Vulnerability Details

GHSA

GHSA-ff33-vc6x-7mcf: SPIP before 3↗2022-05-24

▶

OSV

spip vulnerabilities↗2020-09-24

▶

OSV

CVE-2019-16391: SPIP before 3↗2019-09-17

▶

📋Vendor Advisories

Ubuntu

SPIP vulnerabilities↗2020-09-24

▶

Debian

CVE-2019-16391: spip - SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify ...↗2019

▶