Vulnerabilities > CVE-2020-28984

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
spip
debian
critical
NVD
Published: 2020-11-23
Updated: 2021-02-04

Summary

prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.

Vulnerable Configurations

Part Description Count
Application
Spip
126
OS
Debian
2

References