Ubuntu Local Security Checks : Ubuntu: Security Advisory (USN-7318-1)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.12.2025.7318.1

Categoría: Ubuntu Local Security Checks

Título: Ubuntu: Security Advisory (USN-7318-1)

Resumen: The remote host is missing an update for the 'spip' package(s) announced via the USN-7318-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'spip' package(s) announced via the USN-7318-1 advisory.

Vulnerability Insight:
It was discovered that svg-sanitizer, vendored in SPIP, did not properly
sanitize SVG/XML content. An attacker could possibly use this issue to
perform cross site scripting. This issue only affected Ubuntu 24.10.
(CVE-2022-23638)

It was discovered that SPIP did not properly sanitize certain inputs. A
remote attacker could possibly use this issue to perform cross site
scripting. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-28959)

It was discovered that SPIP did not properly sanitize certain inputs. A
remote attacker could possibly use this issue to perform PHP injection
attacks. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-28960)

It was discovered that SPIP did not properly sanitize certain inputs. A
remote attacker could possibly use this issue to perform SQL injection
attacks. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-28961)

It was discovered that SPIP did not properly sanitize certain inputs. A
remote authenticated attacker could possibly use this issue to execute
arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-37155)

It was discovered that SPIP did not properly sanitize certain inputs. A
remote attacker could possibly use this issue to perform SQL injection
attacks. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2023-24258)

It was discovered that SPIP did not properly handle serialization under
certain circumstances. A remote attacker could possibly use this issue to
execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2023-27372)

It was discovered that SPIP did not properly sanitize HTTP requests. A
remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2024-8517)

Affected Software/OS:
'spip' package(s) on Ubuntu 18.04, Ubuntu 20.04, Ubuntu 24.10.

Solution:
Please install the updated package(s).

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2022-23638
https://github.com/darylldoyle/svg-sanitizer/security/advisories/GHSA-fqx8-v33p-4qcc
https://github.com/darylldoyle/svg-sanitizer/commit/17e12ba9c2881caa6b167d0fbea555c11207fbb0
Common Vulnerability Exposure (CVE) ID: CVE-2022-28959
https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html
https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4
https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf
https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/
https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/
Common Vulnerability Exposure (CVE) ID: CVE-2022-28960
Common Vulnerability Exposure (CVE) ID: CVE-2022-28961
Common Vulnerability Exposure (CVE) ID: CVE-2022-37155
https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-1-5-SPIP-4-0-8-et-SPIP-3-2-16.html
https://github.com/Abyss-W4tcher/ab4yss-wr4iteups/blob/ffa980faa9e3598d49d6fb7def4f7a67cfb5f427/SPIP%20-%20Pentest/SPIP%204.1.2/SPIP_4.1.2_AUTH_RCE/SPIP_4.1.2_AUTH_RCE_Abyss_Watcher_12_07_22.md
https://pastebin.com/ZH7CPc8X
https://spawnzii.github.io/posts/2022/07/how-we-have-pwned-root-me-in-2022/
Common Vulnerability Exposure (CVE) ID: CVE-2023-24258
Debian Security Information: DSA-5325 (Google Search)
https://www.debian.org/security/2023/dsa-5325
https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-1-7-SPIP-4-0-9-et-SPIP-3-2-17.html
https://github.com/Abyss-W4tcher/ab4yss-wr4iteups/blob/ffa980faa9e3598d49d6fb7def4f7a67cfb5f427/SPIP%20-%20Pentest/SPIP%204.1.5/SPIP_4.1.5_AND_BEFORE_AUTH_SQLi_Abyss_Watcher.md
Common Vulnerability Exposure (CVE) ID: CVE-2023-27372
Debian Security Information: DSA-5367 (Google Search)
https://www.debian.org/security/2023/dsa-5367
http://packetstormsecurity.com/files/171921/SPIP-Remote-Command-Execution.html
http://packetstormsecurity.com/files/173044/SPIP-4.2.1-Remote-Code-Execution.html
https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-2-1-SPIP-4-1-8-SPIP-4-0-10-et.html
https://git.spip.net/spip/spip/commit/5aedf49b89415a4df3eb775eee3801a2b4b88266
https://git.spip.net/spip/spip/commit/96fbeb38711c6706e62457f2b732a652a04a409d
Common Vulnerability Exposure (CVE) ID: CVE-2024-8517

Copyright Copyright (C) 2025 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.12.2025.7318.1
Categoría:	Ubuntu Local Security Checks
Título:	Ubuntu: Security Advisory (USN-7318-1)
Resumen:	The remote host is missing an update for the 'spip' package(s) announced via the USN-7318-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'spip' package(s) announced via the USN-7318-1 advisory. Vulnerability Insight: It was discovered that svg-sanitizer, vendored in SPIP, did not properly sanitize SVG/XML content. An attacker could possibly use this issue to perform cross site scripting. This issue only affected Ubuntu 24.10. (CVE-2022-23638) It was discovered that SPIP did not properly sanitize certain inputs. A remote attacker could possibly use this issue to perform cross site scripting. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-28959) It was discovered that SPIP did not properly sanitize certain inputs. A remote attacker could possibly use this issue to perform PHP injection attacks. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-28960) It was discovered that SPIP did not properly sanitize certain inputs. A remote attacker could possibly use this issue to perform SQL injection attacks. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-28961) It was discovered that SPIP did not properly sanitize certain inputs. A remote authenticated attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-37155) It was discovered that SPIP did not properly sanitize certain inputs. A remote attacker could possibly use this issue to perform SQL injection attacks. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2023-24258) It was discovered that SPIP did not properly handle serialization under certain circumstances. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2023-27372) It was discovered that SPIP did not properly sanitize HTTP requests. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2024-8517) Affected Software/OS: 'spip' package(s) on Ubuntu 18.04, Ubuntu 20.04, Ubuntu 24.10. Solution: Please install the updated package(s). CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2022-23638 https://github.com/darylldoyle/svg-sanitizer/security/advisories/GHSA-fqx8-v33p-4qcc https://github.com/darylldoyle/svg-sanitizer/commit/17e12ba9c2881caa6b167d0fbea555c11207fbb0 Common Vulnerability Exposure (CVE) ID: CVE-2022-28959 https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4 https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/ https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/ Common Vulnerability Exposure (CVE) ID: CVE-2022-28960 Common Vulnerability Exposure (CVE) ID: CVE-2022-28961 Common Vulnerability Exposure (CVE) ID: CVE-2022-37155 https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-1-5-SPIP-4-0-8-et-SPIP-3-2-16.html https://github.com/Abyss-W4tcher/ab4yss-wr4iteups/blob/ffa980faa9e3598d49d6fb7def4f7a67cfb5f427/SPIP%20-%20Pentest/SPIP%204.1.2/SPIP_4.1.2_AUTH_RCE/SPIP_4.1.2_AUTH_RCE_Abyss_Watcher_12_07_22.md https://pastebin.com/ZH7CPc8X https://spawnzii.github.io/posts/2022/07/how-we-have-pwned-root-me-in-2022/ Common Vulnerability Exposure (CVE) ID: CVE-2023-24258 Debian Security Information: DSA-5325 (Google Search) https://www.debian.org/security/2023/dsa-5325 https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-1-7-SPIP-4-0-9-et-SPIP-3-2-17.html https://github.com/Abyss-W4tcher/ab4yss-wr4iteups/blob/ffa980faa9e3598d49d6fb7def4f7a67cfb5f427/SPIP%20-%20Pentest/SPIP%204.1.5/SPIP_4.1.5_AND_BEFORE_AUTH_SQLi_Abyss_Watcher.md Common Vulnerability Exposure (CVE) ID: CVE-2023-27372 Debian Security Information: DSA-5367 (Google Search) https://www.debian.org/security/2023/dsa-5367 http://packetstormsecurity.com/files/171921/SPIP-Remote-Command-Execution.html http://packetstormsecurity.com/files/173044/SPIP-4.2.1-Remote-Code-Execution.html https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-2-1-SPIP-4-1-8-SPIP-4-0-10-et.html https://git.spip.net/spip/spip/commit/5aedf49b89415a4df3eb775eee3801a2b4b88266 https://git.spip.net/spip/spip/commit/96fbeb38711c6706e62457f2b732a652a04a409d Common Vulnerability Exposure (CVE) ID: CVE-2024-8517
Copyright	Copyright (C) 2025 Greenbone AG