First published: Thu Mar 10 2022
SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Spip Spip | <3.2.14 | |
Spip Spip | >=4.0.0 <4.0.5 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
The vulnerability ID for this issue is CVE-2022-26846.
The severity of CVE-2022-26846 is high with a CVSS score of 8.8.
CVE-2022-26846 allows remote authenticated editors to execute arbitrary code in SPIP versions before 3.2.14 and 4.x before 4.0.5.
To fix CVE-2022-26846, you should update SPIP to version 3.2.14 or 4.0.5, depending on the version you are using.
You can find more information about CVE-2022-26846 at the following references: [SPIP blog release announcement](https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html), [commit in the spip/medias repository](https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2), [debian-lts-announce mailing list post](https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html).