Vulnerability Description
_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database.
CVSS Score
6.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Spip | Spip | >= 3.2.0, < 3.2.7 |
| Debian | Debian Linux | 9.0 |
| Canonical | Ubuntu Linux | 18.04 |
References
- https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-sortie-de-SPIP-3-2-7-SPIPVendor Advisory
- https://git.spip.net/SPIP/spip/commit/8eb11ba132b92696eb34d606d71aa8edf40e0f69PatchVendor Advisory
- https://usn.ubuntu.com/4536-1/Third Party Advisory
- https://www.debian.org/security/2019/dsa-4583Third Party Advisory
- https://zone.spip.net/trac/spip-zone/changeset/118898/spip-zone/_core_/plugins/mBroken Link
- https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-sortie-de-SPIP-3-2-7-SPIPVendor Advisory
- https://git.spip.net/SPIP/spip/commit/8eb11ba132b92696eb34d606d71aa8edf40e0f69PatchVendor Advisory
- https://usn.ubuntu.com/4536-1/Third Party Advisory
- https://www.debian.org/security/2019/dsa-4583Third Party Advisory
- https://zone.spip.net/trac/spip-zone/changeset/118898/spip-zone/_core_/plugins/mBroken Link
FAQ
What is CVE-2019-19830?
CVE-2019-19830 is a vulnerability with a CVSS score of 6.5 (MEDIUM). _core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database.
How severe is CVE-2019-19830?
CVE-2019-19830 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-19830?
Check the references section above for vendor advisories and patch information. Affected products include: Spip Spip, Debian Debian Linux, Canonical Ubuntu Linux.