CVE Vulnerabilities

CVE-2023-27372

Published: Feb 28, 2023 | Modified: Jun 21, 2023
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.

Affected Software

Name Vendor Start Version End Version
Spip Spip * 3.2.18 (excluding)
Spip Spip 4.0.0 (including) 4.0.10 (excluding)
Spip Spip 4.1.0 (including) 4.1.8 (excluding)
Spip Spip 4.2.0 (including) 4.2.0 (including)
Spip Spip 4.2.0-alpha (including) 4.2.0-alpha (including)
Spip Spip 4.2.0-alpha2 (including) 4.2.0-alpha2 (including)
Spip Ubuntu bionic *
Spip Ubuntu kinetic *
Spip Ubuntu lunar *
Spip Ubuntu mantic *
Spip Ubuntu trusty *
Spip Ubuntu upstream *
Spip Ubuntu xenial *

References