CVE-2021-44123 — Vulnetix

CVE-2021-44123 PUBLISHED CVSS 8.800000190734863 HIGH

SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a double extension, upload it and then click on it to execute it.

EPSS 2.52% · 85.7th percentile

Risk Scores

CVSS 3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

2.52%

85.7th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
spip	spip	4.0.0

Exploit Intelligence

https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a (circl)

Timeline

Jan 26, 2022 CVE Published
Jan 27, 2022 EPSS Score
Feb 2, 2022 CVE Updated
Mar 21, 2022 EPSS Score
May 13, 2022 EPSS Score
Aug 27, 2022 EPSS Score
Oct 19, 2022 EPSS Score
Dec 11, 2022 EPSS Score
Feb 2, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 27, 2023 EPSS Score
Jul 11, 2023 EPSS Score

References

https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a url
https://nvd.nist.gov/vuln/detail/CVE-2021-44123 advisory

Open in Interactive Console →