CVE-2020-28984

CVE-2020-28984 affects SPIP before 3.2.8: prive/formulaires/configurer_preferences.php fails to properly validate couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters. Public advisories (Ubuntu/Debian) map this to remote code execution or arbitrary data handli...