SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
21 Jun 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2023-02-28 20:15
Updated : 2024-02-28 19:51
NVD link : CVE-2023-27372
Mitre link : CVE-2023-27372
CVE.ORG link : CVE-2023-27372
JSON object : View
Products Affected
debian
- debian_linux
spip
- spip
CWE