Arbitrary Code Execution Vulnerability in SPIP 3.1 and 3.2

Arbitrary Code Execution Vulnerability in SPIP 3.1 and 3.2

CVE-2019-11071 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled.

Learn more about our Cis Benchmark Audit For Server Software.