4 matches found
CVE-2019-11071
SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because varmemotri is mishandled...
Debian DSA-4429-1 : spip - security update
It was discovered that SPIP, a website engine for publishing, did not properly sanitize its user input. This would allow an authenticated user to perform arbitrary command execution. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...
CVE-2019-11071
CVE-2019-11071 affects SPIP 3.1.x before 3.1.10 and 3.2.x before 3.2.4, where mishandling of var_memotri enables an authenticated visitor to execute arbitrary code on the host server. The vulnerability is an authenticated RCE with high impact (CVE-3.x reported as high/critical depending on vector...
CVE-2019-11071
SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because varmemotri is mishandled...