CVE-2026-22205
HIGH7.5EPSS 0.43%spip - security update
發布日:2026/2/26修改日:2026/5/29
描述
SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability caused by PHP type juggling that allows unauthenticated attackers to access protected information. Attackers can exploit loose type comparisons in authentication logic to bypass login verification and retrieve sensitive internal data.
受影響套件(2)
- Debian/spipfrom 0
- Debian/spipfrom 0, < 4.4.11+dfsg-0+deb13u1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |