CVE-2019-19830Improper Input Validation in Spip

CWE-20Improper Input Validation6 documents5 sources
Severity
6.5MEDIUMNVD
OSV6.1
EPSS
0.5%
top 32.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
SpipDebian SpipCanonical Ubuntu Linux+1 more
Timeline
PublishedDec 17
Latest updateMay 24

Description

_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

NVDspip/spip3.2.03.2.7
debiandebian/spip< spip 3.2.7-1 (bullseye)
Debianspip/spip< 3.2.7-1+2
Ubuntuspip/spip< 3.1.4-4~deb9u3build0.18.04.1

Also affects: Debian Linux 10.0, 9.0, Ubuntu Linux 18.04

Patches

Patch: git.spip.netPatch: git.spip.net

🔴Vulnerability Details

3
GHSA
GHSA-hrcf-gxm4-f848: _core_/plugins/medias in SPIP 32022-05-24
OSV
spip vulnerabilities2020-09-24
OSV
CVE-2019-19830: _core_/plugins/medias in SPIP 32019-12-17

📋Vendor Advisories

2
Ubuntu
SPIP vulnerabilities2020-09-24
Debian
CVE-2019-19830: spip - _core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated aut...2019
CVE-2019-19830 — Improper Input Validation in Spip | cvebase