CVE-2022-26846

nvd nist

Published: Mar 10, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code.

Affected (5)

Products: Spip: Spip · Debian: Debian Linux

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Spip Spip	Before 3.2.14
Spip Spip	From 4.0.0 to 4.0.5

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 11.0
Debian Debian Linux	Version 9.0

References (8)

https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html

Source: cve@mitre.org

Release NotesVendor Advisory

https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2

Source: cve@mitre.org

PatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.debian.org/debian-security-announce/2022/msg00060.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-security-announce/2022/msg00060.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.