CVE-2019-19830 - _core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject conte

CVE-2019-19830

Summary

_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database.

References

Vulnerable Configurations

cpe:2.3:a:spip:spip:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.2.0:alpha:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.2.0:alpha:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.2.0:beta:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.2.0:beta:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.2.0:beta2:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.2.0:beta2:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.2.0:beta3:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.2.0:beta3:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.2.5:*:*:*:*:*:*:*
cpe:2.3:a:spip:spip:3.2.5:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

CVSS

CWE

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:S/C:N/I:P/A:N

refmap via4

debian	DSA-4583
misc	https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-sortie-de-SPIP-3-2-7-SPIP-3-1-12.html https://git.spip.net/SPIP/spip/commit/8eb11ba132b92696eb34d606d71aa8edf40e0f69 https://zone.spip.net/trac/spip-zone/changeset/118898/spip-zone/_core_/plugins/medias
ubuntu	USN-4536-1

Last major update

03-05-2022 - 14:28

Published

17-12-2019 - 05:15

Last modified

03-05-2022 - 14:28