First published: Mon Feb 27 2023
SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Spip Spip | <=4.1.5 | |
debian/spip | <=3.2.4-1+deb10u9 | 3.2.4-1+deb10u11, 3.2.11-3+deb11u9, 3.2.11-3+deb11u7, 4.1.9+dfsg-1+deb12u2, 4.1.12+dfsg-1 |
The vulnerability ID for this SQL injection vulnerability in SPIP is CVE-2023-24258.
SPIP is a content management system.
CVE-2023-24258 has a severity rating of 9.8 (Critical).
An attacker can exploit this vulnerability by sending a crafted POST request with a manipulated _oups parameter to execute arbitrary code.
Patches are available to fix this vulnerability. Please refer to the provided references for more information.