CVE Vulnerabilities

CVE-2019-19830

Published: Dec 17, 2019 | Modified: May 03, 2022
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

core/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database.

Affected Software

Name Vendor Start Version End Version
Spip Spip 3.2.0 (including) 3.2.7 (excluding)
Spip Ubuntu disco *
Spip Ubuntu eoan *
Spip Ubuntu esm-apps/bionic *
Spip Ubuntu trusty *
Spip Ubuntu upstream *

References