SQL injection - Code In spip/spip
Description
SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Aliases
1. 2. 3. 4. 5. 6.
References
1. 2.