First published: Fri Sep 06 2024(Updated: )
SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.
Credit: disclosure@vulncheck.com
Affected Software | Affected Version | How to fix |
---|---|---|
Spip Spip | >=4.0.0<4.1.18 | |
Spip Spip | >=4.2.0<=4.2.15 | |
Spip Spip | =4.3.0 | |
Spip Spip | =4.3.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.