Lucene search
GoogleOSV:CVE-2022-28960HistoryMay 19, 2022 - 9:15 p.m.
CVE-2022-28960
2022-05-1921:15:08
Google
osv.dev
6
php injection
spip
arbitrary code execution
software
A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire.
References
blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html
github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4
github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf
thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/
www.root-me.org/fr/Informations/Faiblesses-decouvertes/
Related
cnvd
cnvd
SPIP remote code execution vulnerability
2022-05-23 00:00:00
cve
cve
CVE-2022-28960
2022-05-19 21:15:08
veracode
veracode
Arbitrary Code Injection
2022-05-30 22:49:22
prion
prion
Sql injection
2022-05-19 21:15:00
nvd
nvd
CVE-2022-28960
2022-05-19 21:15:08
ubuntucve
ubuntucve
CVE-2022-28960
2022-05-19 00:00:00
cvelist
cvelist
CVE-2022-28960
2022-05-19 20:26:14
openvas
openvas
SPIP < 3.2.8 PHP Injection Vulnerability
2022-06-01 00:00:00
Debian: Security Advisory (DSA-4798-1)
2020-11-26 00:00:00
debiancve
debiancve
CVE-2022-28960
2022-05-19 21:15:08
osv
osv
spip - security update
2020-11-25 00:00:00