First published: Mon Nov 23 2020(Updated: )
prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Spip Spip | <3.2.8 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
debian/spip | 3.2.4-1+deb10u9 3.2.4-1+deb10u11 3.2.11-3+deb11u9 3.2.11-3+deb11u7 4.1.9+dfsg-1+deb12u2 4.1.12+dfsg-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2020-28984 is critical with a CVSS score of 9.8.
CVE-2020-28984 affects SPIP versions before 3.2.8.
In CVE-2020-28984, the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters in prive/formulaires/configurer_preferences.php are not properly validated.
Yes, Debian Debian Linux versions 9.0 and 10.0 are affected by CVE-2020-28984.
To fix CVE-2020-28984, update SPIP to version 3.2.8 or later.