CVE-2020-28984 — Improper Input Validation in Spip

CWE-20 — Improper Input Validation8 documents5 sources

Severity

9.8CRITICALNVD

EPSS

1.4%

top 19.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Spip Debian Spip Debian Linux

Timeline

PublishedNov 23

Latest updateMar 2

Description

prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDspip/spip< 3.2.8

▶debiandebian/spip< spip 3.2.8-1 (bullseye)

▶Debianspip/spip< 3.2.8-1+2

▶Ubuntuspip/spip< 3.1.4-4~deb9u5build0.18.04.1+1

Also affects: Debian Linux 10.0, 9.0

Patches

Patch: git.spip.net ↗Patch: git.spip.net ↗

🔴Vulnerability Details

OSV

spip vulnerabilities↗2023-03-02

▶

OSV

spip vulnerabilities↗2022-06-16

▶

GHSA

Improper Input Validation in SPIP↗2022-02-15

▶

OSV

CVE-2020-28984: prive/formulaires/configurer_preferences↗2020-11-23

▶

📋Vendor Advisories

Ubuntu

SPIP vulnerabilities↗2023-03-02

▶

Ubuntu

SPIP vulnerabilities↗2022-06-16

▶

Debian

CVE-2020-28984: spip - prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not prope...↗2020

▶