SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Spip | Spip | * | 3.2.18 (excluding) |
Spip | Spip | 4.0.0 (including) | 4.0.10 (excluding) |
Spip | Spip | 4.1.0 (including) | 4.1.8 (excluding) |
Spip | Spip | 4.2.0 (including) | 4.2.0 (including) |
Spip | Spip | 4.2.0-alpha (including) | 4.2.0-alpha (including) |
Spip | Spip | 4.2.0-alpha2 (including) | 4.2.0-alpha2 (including) |