SPIP has released security updates to address a critical vulnerability (CVE-2024-8517) affecting several versions of SPIP software. This vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.
Successful exploitation of the command injection vulnerability could allow an unauthenticated attacker to send specially crafted Hypertext Transfer Protocol (HTTP) requests and execute arbitrary operating system commands remotely.
The vulnerability affects all versions of SPIP since 4.0.
Users and administrators of affected product versions are advised to update immediately to the following latest versions:
• SPIP 4.1.18
• SPIP 4.2.16
• SPIP 4.3.2
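The version list above applied to an inventory of SPIP installs, as an added example that is not part of the original advisory. The host names and version strings in the sample are constructed, and the status labels are this example's own.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED = {(4, 1): 18, (4, 2): 16, (4, 3): 2}
FIRST_AFFECTED = (4, 0)  # "all versions of SPIP since 4.0"

def triage(version):
    """Return (status, upgrade_target) for one SPIP version string."""
    m = re.fullmatch(r"(?:SPIP\s+)?(\d+)\.(\d+)(?:\.(\d+))?", version.strip(), re.I)
    if not m:
        return ("unparsed", None)  # suffixes such as -dev need a manual look
    major, minor = int(m.group(1)), int(m.group(2))
    patch = int(m.group(3) or 0)  # a bare "4.2" is treated as 4.2.0
    branch = (major, minor)
    if branch < FIRST_AFFECTED:
        return ("outside_range", None)  # older than the advisory's stated range
    if branch in FIXED:
        if patch >= FIXED[branch]:
            return ("patched", None)
        return ("vulnerable", f"{major}.{minor}.{FIXED[branch]}")
    if branch == FIRST_AFFECTED:
        # Affected, but the advisory lists no 4.0.x release to move to.
        return ("vulnerable", None)
    return ("unlisted", None)  # newer branch the advisory does not mention

def needs_action(inventory):
    """Map host -> (version, status, target) for every install not cleared."""
    out = {}
    for host, version in inventory.items():
        status, target = triage(version)
        if status not in ("patched", "outside_range"):
            out[host] = (version, status, target)
    return out

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = {
    "www-a.example": "4.2.15",
    "www-b.example": "SPIP 4.3.2",
    "www-c.example": "4.0.11",
    "www-d.example": "3.2.19",
    "www-e.example": "4.1.18-dev",
}

if __name__ == "__main__":
    for host, row in sorted(needs_action(SAMPLE).items()):
        print(host, *row)
```

An install reported as vulnerable with no target is on 4.0.x, for which the list above names no release, so it has to move to one of the listed branches.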
More information is available here: