Lucene search
Veracode Vulnerability DatabaseVERACODE:35776HistoryMay 30, 2022 - 10:49 p.m.
Arbitrary Code Injection
2022-05-3022:49:22
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.002 Low
EPSS
Percentile
59.0%
spip is vulnerable to arbitrary code injection. A PHP injection vulnerability allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire.
| CPE | Name | Operator | Version |
|---|---|---|---|
| spip:buster | eq | 3.2.4-1+deb10u2 | |
| spip:buster | eq | 3.2.4-1+deb10u2 |
References
blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html
github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4
github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf
security-tracker.debian.org/tracker/CVE-2022-28960
thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/
www.root-me.org/fr/Informations/Faiblesses-decouvertes/
Related
cve
cve
CVE-2022-28960
2022-05-19 21:15:08
cnvd
cnvd
SPIP remote code execution vulnerability
2022-05-23 00:00:00
prion
prion
Sql injection
2022-05-19 21:15:00
osv
osv
CVE-2022-28960
2022-05-19 21:15:08
spip - security update
2020-11-25 00:00:00
nvd
nvd
CVE-2022-28960
2022-05-19 21:15:08
ubuntucve
ubuntucve
CVE-2022-28960
2022-05-19 00:00:00
openvas
openvas
SPIP < 3.2.8 PHP Injection Vulnerability
2022-06-01 00:00:00
Debian: Security Advisory (DSA-4798-1)
2020-11-26 00:00:00
cvelist
cvelist
CVE-2022-28960
2022-05-19 20:26:14
debiancve
debiancve
CVE-2022-28960
2022-05-19 21:15:08