CVE-2012-4331

critical

Published 2012-08-14 · Modified 2026-04-29

CVSS v3

—

CVSS v2

10.0

VIR risk

10.0

Description

Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 have unknown impact and attack vectors that are not related to cross-site scripting (XSS), different vulnerabilities than CVE-2012-2151.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-4331

OS impact

OS	Version	Status	Fixed in
debian	bullseye	fixed	`2.1.13-1`
debian	sid	fixed	`2.1.13-1`
debian	trixie	fixed	`2.1.13-1`

Application impact

Vendor	Product	Versions
spip	spip	`1.9`
spip	spip	`1.9.1`
spip	spip	`1.9.2`
spip	spip	`2.0`
spip	spip	`2.1`

References

http://archives.rezo.net/archives/spip-en.mbox/U5QUZ6WJRAJC7H5BR7W5SQG6WCD3PXL7/
http://www.securitytracker.com/id?1026970
https://security-tracker.debian.org/tracker/CVE-2012-4331

Verify integrity in audit chain (admin only). AS-IS.