 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.12.2025.7318.1 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu: Security Advisory (USN-7318-1) |
| Summary: | The remote host is missing an update for the 'spip' package(s) announced via the USN-7318-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'spip' package(s) announced via the USN-7318-1 advisory. Vulnerability Insight: It was discovered that svg-sanitizer, vendored in SPIP, did not properly sanitize SVG/XML content. An attacker could possibly use this issue to perform cross site scripting. This issue only affected Ubuntu 24.10. (CVE-2022-23638) It was discovered that SPIP did not properly sanitize certain inputs. A remote attacker could possibly use this issue to perform cross site scripting. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-28959) It was discovered that SPIP did not properly sanitize certain inputs. A remote attacker could possibly use this issue to perform PHP injection attacks. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-28960) It was discovered that SPIP did not properly sanitize certain inputs. A remote attacker could possibly use this issue to perform SQL injection attacks. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-28961) It was discovered that SPIP did not properly sanitize certain inputs. A remote authenticated attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-37155) It was discovered that SPIP did not properly sanitize certain inputs. A remote attacker could possibly use this issue to perform SQL injection attacks. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2023-24258) It was discovered that SPIP did not properly handle serialization under certain circumstances. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2023-27372) It was discovered that SPIP did not properly sanitize HTTP requests. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2024-8517) Affected Software/OS: 'spip' package(s) on Ubuntu 18.04, Ubuntu 20.04, Ubuntu 24.10. Solution: Please install the updated package(s). CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2022-23638 https://github.com/darylldoyle/svg-sanitizer/security/advisories/GHSA-fqx8-v33p-4qcc https://github.com/darylldoyle/svg-sanitizer/commit/17e12ba9c2881caa6b167d0fbea555c11207fbb0 Common Vulnerability Exposure (CVE) ID: CVE-2022-28959 https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4 https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/ https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/ Common Vulnerability Exposure (CVE) ID: CVE-2022-28960 Common Vulnerability Exposure (CVE) ID: CVE-2022-28961 Common Vulnerability Exposure (CVE) ID: CVE-2022-37155 https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-1-5-SPIP-4-0-8-et-SPIP-3-2-16.html https://github.com/Abyss-W4tcher/ab4yss-wr4iteups/blob/ffa980faa9e3598d49d6fb7def4f7a67cfb5f427/SPIP%20-%20Pentest/SPIP%204.1.2/SPIP_4.1.2_AUTH_RCE/SPIP_4.1.2_AUTH_RCE_Abyss_Watcher_12_07_22.md https://pastebin.com/ZH7CPc8X https://spawnzii.github.io/posts/2022/07/how-we-have-pwned-root-me-in-2022/ Common Vulnerability Exposure (CVE) ID: CVE-2023-24258 Debian Security Information: DSA-5325 (Google Search) https://www.debian.org/security/2023/dsa-5325 https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-1-7-SPIP-4-0-9-et-SPIP-3-2-17.html https://github.com/Abyss-W4tcher/ab4yss-wr4iteups/blob/ffa980faa9e3598d49d6fb7def4f7a67cfb5f427/SPIP%20-%20Pentest/SPIP%204.1.5/SPIP_4.1.5_AND_BEFORE_AUTH_SQLi_Abyss_Watcher.md Common Vulnerability Exposure (CVE) ID: CVE-2023-27372 Debian Security Information: DSA-5367 (Google Search) https://www.debian.org/security/2023/dsa-5367 http://packetstormsecurity.com/files/171921/SPIP-Remote-Command-Execution.html http://packetstormsecurity.com/files/173044/SPIP-4.2.1-Remote-Code-Execution.html https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-2-1-SPIP-4-1-8-SPIP-4-0-10-et.html https://git.spip.net/spip/spip/commit/5aedf49b89415a4df3eb775eee3801a2b4b88266 https://git.spip.net/spip/spip/commit/96fbeb38711c6706e62457f2b732a652a04a409d Common Vulnerability Exposure (CVE) ID: CVE-2024-8517 |
| Copyright | Copyright (C) 2025 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |