SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request.
{ "binaries": [ { "binary_name": "spip", "binary_version": "3.0.21-1ubuntu1" } ] }
{ "binaries": [ { "binary_name": "spip", "binary_version": "3.1.4-4~deb9u5ubuntu0.1~esm2" } ], "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro" }
{ "binaries": [ { "binary_name": "spip", "binary_version": "3.2.7-1ubuntu0.1+esm2" } ], "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro" }
{ "binaries": [ { "binary_name": "spip", "binary_version": "4.0.4-1" } ] }