CVE-2025-71242

Sažetak

SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. The application does not properly check authorization when displaying content of articles and sections (rubriques) in AJAX-loaded fragments, allowing an authenticated attacker to access restricted content. This vulnerability is not mitigated by the SPIP security screen.

Reference

https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-3-6.html
https://git.spip.net/spip/spip
https://www.vulncheck.com/advisories/spip-authorization-bypass-leading-to-content-disclosure

CVSS

Base:	6.5
Impact:	3.6
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

02-03-2026 - 15:16

Objavljeno

19-02-2026 - 16:27