Your submission was sent successfully! Close

CVE-2021-44123

Published: 26 January 2022

SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a double extension, upload it and then click on it to execute it.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
spip
Launchpad, Ubuntu, Debian
bionic Needed

focal Needed

impish
Released (3.2.11-3+deb11u3build0.21.10.1)
jammy Needs triage

kinetic Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Ignored
(out of standard support)