Remote Code Execution Vulnerability in SPIP by SPIP Team
CVE-2017-9736
9.8CRITICAL
Summary
A vulnerability in SPIP versions 3.1.x before 3.1.6 and 3.2.x before Beta 3 allows attackers to inject shell metacharacters into the host field. This misconfiguration permits remote code execution, granting attackers the ability to execute arbitrary code on the affected system. It is crucial for users to update to the recommended versions to mitigate this risk and enhance their security posture.
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved