[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248364

 
 

909

 
 

195388

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2019-19830Date: (C)2019-12-17   (M)2023-12-22


_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 6.5CVSS Score : 4.0
Exploit Score: 2.8Exploit Score: 8.0
Impact Score: 3.6Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: LOWAuthentication: SINGLE
User Interaction: NONEConfidentiality: NONE
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: NONEAvailability: NONE
Integrity: HIGH 
Availability: NONE 
  
Reference:
DSA-4583
USN-4536-1
https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-sortie-de-SPIP-3-2-7-SPIP-3-1-12.html
https://git.spip.net/SPIP/spip/commit/8eb11ba132b92696eb34d606d71aa8edf40e0f69
https://zone.spip.net/trac/spip-zone/changeset/118898/spip-zone/_core_/plugins/medias

CPE    3
cpe:/o:debian:debian_linux:9.0
cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
cpe:/a:spip:spip
OVAL    4
oval:org.secpod.oval:def:67128
oval:org.secpod.oval:def:705655
oval:org.secpod.oval:def:604644
oval:org.secpod.oval:def:69795
...

© SecPod Technologies