Database Modification Vulnerability in SPIP by SPIP Team
CVE-2019-16391

6.5MEDIUM

Key Information:

Vendor
Spip
Status
Spip
Vendor
CVE Published:
17 September 2019

Summary

Versions of SPIP prior to 3.1.11 and 3.2.5 are susceptible to a vulnerability that enables authenticated visitors to modify any published content. This oversight may allow these users to execute unauthorized modifications directly to the underlying database, posing a significant risk to data integrity and website functionality.

References

https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-So...
x_refsource_MISC
https://git.spip.net/SPIP/spip/commit/187952ce85e73b52c27...
x_refsource_MISC
https://git.spip.net/SPIP/spip/commit/3cbc758400323ab006c...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.