Monthly
SPIP versions 4.4.10 through 4.4.12 contain a privilege escalation vulnerability that allows authenticated users with limited permissions to assign administrator privileges to themselves or other accounts through improper handling of the STATUT field during author data structure editing. An attacker with login credentials and user interaction can exploit this to gain full administrative control, leading to complete compromise of the CMS instance. The vulnerability was patched in version 4.4.13.
SPIP versions 4.4.10 through 4.4.12 contain a privilege escalation vulnerability that allows authenticated users with limited permissions to assign administrator privileges to themselves or other accounts through improper handling of the STATUT field during author data structure editing. An attacker with login credentials and user interaction can exploit this to gain full administrative control, leading to complete compromise of the CMS instance. The vulnerability was patched in version 4.4.13.