CVE-2019-16391
MEDIUM6.5EPSS 0.87%spip - security update
發布日:2019/9/17修改日:2026/3/9
也稱為:DEBIAN-CVE-2019-16391DLA-1975-1
描述
SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php.
受影響套件(3)
- Debian/spipfrom 0, < 3.2.5-1
- Debian/spipfrom 0, < 3.0.17-2+deb8u5
- Debian/spipfrom 0, < 3.1.4-4~deb9u3
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |