CVE-2026-33549

Published: Mar 22, 2026 Last Modified: Mar 22, 2026
Severity: MEDIUM 6.7
Attack Vector: network
Attack Complexity: high
Privileges Required: low
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: low

Description

SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment (of administrator privileges) during the editing of an author data structure because of STATUT mishandling.

CWE-688: Function Call With Incorrect Variable or Reference as Argument

Status: Draft
Common Consequences
Security Scopes Affected:
Other
Potential Impacts:
Quality Degradation
Applicable Platforms
Languages: C, Perl
https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-13.html?lang=fr
https://git.spip.net/spip/prive/-/commit/b8481a7feb00f301f0ff7d5ce2aad8a772d92c…
https://git.spip.net/spip/prive/-/merge_requests/131