First published: Tue Dec 13 2022
RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Spip Spip | >=3.1.13, <=4.1.2 | |
CVE-2022-37155 is a remote code execution vulnerability in SPIP versions 3.1.13 through 4.1.2.
CVE-2022-37155 allows remote authenticated users to execute arbitrary code by exploiting the _oups parameter.
CVE-2022-37155 has a severity rating of 8.8 (high).
SPIP versions 3.1.13 through 4.1.2 are affected by CVE-2022-37155.
To fix CVE-2022-37155, update your SPIP installation to version 4.1.5, 4.0.8, or 3.2.16.