2019-09-17 23:15:11 2019-09-25 14:15:13

SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php.

Vector

NETWORK

Complexity

LOW

Authentication

SINGLE_INSTANCE

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE
SPIP SPIP 3.0.13 SPIP SPIP 3.0.11 SPIP SPIP 3.0.10 SPIP SPIP 3.0.9 SPIP 3.0.8 SPIP 3.0.7 SPIP 3.0.6 SPIP 3.0.5 SPIP 3.0.4 SPIP 3.0.3 SPIP 3.0.2 SPIP 3.0.1 SPIP 3.0.0 Spip Spip 2.1.30 (not an official CPE) SPIP SPIP 2.1.24 SPIP SPIP 2.1.23 SPIP SPIP 2.1.22 SPIP SPIP 2.1.21 SPIP SPIP 2.1.20 SPIP SPIP 2.1.19 SPIP SPIP 2.1.18 SPIP SPIP 2.1.17 SPIP SPIP 2.1.16 SPIP SPIP 2.1.15 SPIP SPIP 2.1.14 SPIP SPIP 2.1.13 SPIP SPIP 2.1.12 SPIP SPIP 2.1.11 SPIP SPIP 2.1.10 SPIP SPIP 2.1.9 SPIP SPIP 2.1.8 SPIP SPIP 2.1.7 SPIP SPIP 2.1.6 SPIP SPIP 2.1.5 SPIP SPIP 2.1.4 SPIP SPIP 2.1.3 SPIP SPIP 2.1.2 SPIP SPIP 2.1.1 SPIP 2.0.22 SPIP 2.0.21 SPIP 2.0.20 SPIP 2.0.19 SPIP 2.0.18 SPIP 2.0.17 SPIP 2.0.16 SPIP 2.0.15 SPIP 2.0.14 SPIP 2.0.13 SPIP 2.0.12 SPIP 2.0.11 SPIP 2.0.10 SPIP 2.0.9 SPIP 2.0.8 SPIP SPIP 2.0.7 SPIP 2.0.6 SPIP 2.0.5 SPIP 2.0.4 SPIP 2.0.3 SPIP SPIP 2.0.2 SPIP 2.0.1 SPIP 2.0.0 Spip Spip 3.0.25 (not an official CPE) Spip Spip 3.0.26 (not an official CPE) Spip Spip 3.0.27 (not an official CPE) Spip Spip 3.0.28 (not an official CPE) Spip Spip 3.1.0 - (not an official CPE) Spip Spip 3.1.0 Alpha (not an official CPE) Spip Spip 3.1.0 Beta (not an official CPE) Spip Spip 3.1.0 Rc (not an official CPE) Spip Spip 3.1.0 Rc2 (not an official CPE) Spip Spip 3.1.0 Rc3 (not an official CPE) Spip Spip 3.1.1 (not an official CPE) Spip Spip 3.1.2 (not an official CPE) Spip Spip 3.1.3 (not an official CPE) Spip Spip 3.1.9 (not an official CPE) Spip Spip 3.1.10 (not an official CPE) Spip Spip 3.2.0 (not an official CPE) Spip Spip 3.2.0 Alpha (not an official CPE) Spip Spip 3.2.0 Beta3 (not an official CPE) Spip Spip 3.2.1 (not an official CPE) Spip Spip 3.2.2 (not an official CPE) Spip Spip 3.2.3 (not an official CPE) Spip Spip 3.2.4 (not an official CPE)