Spip : Security Vulnerabilities Published In 2019
| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2019-19830 | | | | 2019-12-17 | 2022-05-03 | 4.0 | None | Remote | Low | ??? | None | Partial | None | _core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database. |
| 2 | CVE-2019-16394 | 203 | | | 2019-09-17 | 2022-05-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None | SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers. |
| 3 | CVE-2019-16393 | 601 | | | 2019-09-17 | 2020-09-28 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character. |
| 4 | CVE-2019-16392 | 79 | | XSS | 2019-09-17 | 2020-09-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages. |
| 5 | CVE-2019-16391 | | | | 2019-09-17 | 2020-09-28 | 4.0 | None | Remote | Low | ??? | None | Partial | None | SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php. |
| 6 | CVE-2019-11071 | 20 | | Exec Code | 2019-04-10 | 2020-09-28 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled. |
Total number of vulnerabilities: 6