SPIP 4.1.6

CPE Details

2023-03-06 12h15 +00:00
2023-03-06 22h18 +00:00

CPE Name: cpe:2.3:a:spip:spip:4.1.6:*:*:*:*:*:*:*

Information

Vendor: spip
Product: spip
Version: 4.1.6

Related CVE

| CVE ID | Published | Description | Score | Severity |
| --- | --- | --- | --- | --- |
| CVE-2024-8517 | 2024-09-06 15h55 +00:00 | SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request. | 9.8 | Critical |
| CVE-2024-23659 | 2024-01-18 23h00 +00:00 | SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js. | 6.1 | Medium |
| CVE-2023-52322 | 2024-01-03 23h00 +00:00 | ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics. | 6.1 | Medium |
| CVE-2023-27372 | 2023-02-27 23h00 +00:00 | SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1. | 9.8 | Critical |