CVE-2019-19830 : _core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated aut

_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database.

Published 2019-12-17 05:15:15

Updated 2022-05-03 14:28:26

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2019-19830

Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
Spip » Spip
Versions from including (>=) 3.2.0 and before (<) 3.2.7
cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Matching versions

Top countries where our scanners detected CVE-2019-19830

Top open port discovered on systems with this issue 80

IPs affected by CVE-2019-19830 1,111

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2019-19830!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

EPSS FAQ

0.10%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 43 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:P/A:N	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	2.8	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None

https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-sortie-de-SPIP-3-2-7-SPIP-3-1-12.html

Mise à jour CRITIQUE de sécurité : sortie de SPIP 3.2.7 & SPIP (...) - SPIP Blog
Vendor Advisory
https://usn.ubuntu.com/4536-1/

USN-4536-1: SPIP vulnerabilities | Ubuntu security notices | Ubuntu
Third Party Advisory

CVEs referencing this url
https://zone.spip.net/trac/spip-zone/changeset/118898/spip-zone/_core_/plugins/medias

Changeset 118898 for _core_/plugins/medias – SPIP-ZONE
Broken Link
https://git.spip.net/SPIP/spip/commit/8eb11ba132b92696eb34d606d71aa8edf40e0f69

Feu les temps modernes · 8eb11ba132 - spip - SPIP on GIT
Patch;Vendor Advisory
https://www.debian.org/security/2019/dsa-4583

Debian -- Security Information -- DSA-4583-1 spip
Third Party Advisory

Jump to