← Zuruck zu CVEs
CVE-2025-71242
MEDIUM6.5
Beschreibung
SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. The application does not properly check authorization when displaying content of articles and sections (rubriques) in AJAX-loaded fragments, allowing an authenticated attacker to access restricted content. This vulnerability is not mitigated by the SPIP security screen.
CVE Details
CVSS v3.1 Bewertung6.5
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht2/19/2026
Zuletzt geandert3/2/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
spip:spip
Schwachen (CWE)
CWE-285
Referenzen
https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-3-6.html(disclosure@vulncheck.com)
https://git.spip.net/spip/spip(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/spip-authorization-bypass-leading-to-content-disclosure(disclosure@vulncheck.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.