Lucene search
China National Vulnerability DatabaseCNVD-2022-66690HistoryMay 23, 2022 - 12:00 a.m.
SPIP remote code execution vulnerability
2022-05-2300:00:00
China National Vulnerability Database
www.cnvd.org.cn
9
0.002 Low
EPSS
Percentile
59.0%
SPIP is a Web-based content publishing system used primarily for online collaboration. A remote code execution vulnerability exists in versions of SPIP prior to 3.2.8, which are primarily used for online collaboration. The vulnerability stems from the _oups parameter of /ecrire not properly filtering the special elements of the constructed snippet. An attacker could exploit this vulnerability to cause arbitrary PHP code execution.
Related
cve
cve
CVE-2022-28960
2022-05-19 21:15:08
prion
prion
Sql injection
2022-05-19 21:15:00
osv
osv
CVE-2022-28960
2022-05-19 21:15:08
spip - security update
2020-11-25 00:00:00
nvd
nvd
CVE-2022-28960
2022-05-19 21:15:08
ubuntucve
ubuntucve
CVE-2022-28960
2022-05-19 00:00:00
openvas
openvas
SPIP < 3.2.8 PHP Injection Vulnerability
2022-06-01 00:00:00
Debian: Security Advisory (DSA-4798-1)
2020-11-26 00:00:00
cvelist
cvelist
CVE-2022-28960
2022-05-19 20:26:14
debiancve
debiancve
CVE-2022-28960
2022-05-19 21:15:08
veracode
veracode
Arbitrary Code Injection
2022-05-30 22:49:22