SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | spip | < 4.1.7+dfsg-1 | spip_4.1.7+dfsg-1_all.deb |
Debian | 11 | all | spip | < 3.2.11-3+deb11u6 | spip_3.2.11-3+deb11u6_all.deb |
Debian | 10 | all | spip | < 3.2.4-1+deb10u10 | spip_3.2.4-1+deb10u10_all.deb |
Debian | 999 | all | spip | < 4.1.7+dfsg-1 | spip_4.1.7+dfsg-1_all.deb |
Debian | 13 | all | spip | < 4.1.7+dfsg-1 | spip_4.1.7+dfsg-1_all.deb |