Lucene search

Veracode Vulnerability DatabaseVERACODE:27242

HistorySep 24, 2020 - 11:07 a.m.

Authorization Bypas

2020-09-2411:07:15

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

spip

authorization bypass

vulnerability

database modification

EPSS

0.002

Percentile

52.4%

JSON

spip is vulnerable to authorization bypass. The vulnerability exists as authenticated visitors can modify any published content and execute other modifications in the database.

References

blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html

blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html?lang=fr

git.spip.net/SPIP/spip/commit/187952ce85e73b52c2753f2d54fc2c44807b8f79

git.spip.net/SPIP/spip/commit/3cbc758400323ab006c00ea78eacdb8f76aa5f66

lists.debian.org/debian-lts-announce/2019/10/msg00038.html

seclists.org/bugtraq/2019/Sep/40

usn.ubuntu.com/4536-1/

www.debian.org/security/2019/dsa-4532

EPSS

0.002

Percentile

52.4%

JSON

Related for VERACODE:27242