CVE-2022-28960
Summary
| CVE | CVE-2022-28960 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-05-19 21:15:00 UTC |
| Updated | 2023-08-08 14:21:00 UTC |
| Description | A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire. |
Risk And Classification
Problem Types: CWE-116
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CRITICAL security update: release of SPIP 3.2.8 and SPIP 3.1.13 SPIP (...) - SPIP Blog | MISC | blog.spip.net | |
| Information/Discovered weaknesses [Root Me: learning platform dedicated to Hacking and Information Security] | MISC | www.root-me.org | |
| Various small sanitizations and a missing tag #4494 · spip/SPIP@6c16507 · GitHub | MISC | github.com | |
| RCE on Spip and Root-Me • Think Love Share | MISC | thinkloveshare.com | |
| _oups then (aka a base64_encode does no harm) · spip/SPIP@0394b44 · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 179308 Debian Security Update for spip (CVE-2022-28960)