{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42192?format=json","vulnerability_id":"VCID-pwee-955h-33ct","summary":"Unrestricted Upload of File with Dangerous Type\nSPIP is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a double extension, upload it and then click on it to execute it.","aliases":[{"alias":"CVE-2021-44123"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60278?format=json","purl":"pkg:composer/spip/spip@4.0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/spip/spip@4.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/516184?format=json","purl":"pkg:deb/debian/spip@3.2.4-1%2Bdeb10u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16z2-fzww-83h6"},{"vulnerability":"VCID-2hb7-ps11-27ag"},{"vulnerability":"VCID-35f4-fsfs-2bcj"},{"vulnerability":"VCID-5e4r-pkfs-gbf6"},{"vulnerability":"VCID-5hjy-djqd-nqb1"},{"vulnerability":"VCID-76z7-daxa-47dj"},{"vulnerability":"VCID-9ge5-2njt-u3dz"},{"vulnerability":"VCID-by88-axw6-qycj"},{"vulnerability":"VCID-bz14-hxqb-wyfq"},{"vulnerability":"VCID-c8qm-zhqh-z7he"},{"vulnerability":"VCID-f6vs-k7eh-33an"},{"vulnerability":"VCID-hj5x-ms6g-tqa1"},{"vulnerability":"VCID-j7f5-sz2n-f3dx"},{"vulnerability":"VCID-pry5-y4es-wueg"},{"vulnerability":"VCID-pwee-955h-33ct"},{"vulnerability":"VCID-q4dz-rqee-5bak"},{"vulnerability":"VCID-q4ys-8949-yuaj"},{"vulnerability":"VCID-u6pt-c1tk-z3ce"},{"vulnerability":"VCID-u8kv-9kkz-r3g2"},{"vulnerability":"VCID-zpm8-94h8-pqcc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/spip@3.2.4-1%252Bdeb10u9"},{"url":"http://public2.vulnerablecode.io/api/packages/129409?format=json","purl":"pkg:deb/debian/spip@3.2.11-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/spip@3.2.11-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129379?format=json","purl":"pkg:deb/debian/spip@3.2.11-3%2Bdeb11u10?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gn6-s8fj-vqh5"},{"vulnerability":"VCID-2sva-brsa-5yhx"},{"vulnerability":"VCID-46vs-rj3j-83g5"},{"vulnerability":"VCID-55pk-782n-ykek"},{"vulnerability":"VCID-5dt2-7tt7-qbdx"},{"vulnerability":"VCID-a22b-psmb-uugx"},{"vulnerability":"VCID-c795-24cu-qyg6"},{"vulnerability":"VCID-d888-ccaz-quea"},{"vulnerability":"VCID-krfe-pwbj-ffeu"},{"vulnerability":"VCID-qhps-qvgv-nfen"},{"vulnerability":"VCID-qw55-mdmu-3kch"},{"vulnerability":"VCID-s213-4w8e-sbhj"},{"vulnerability":"VCID-str8-eeq8-bkge"},{"vulnerability":"VCID-tdua-ud9w-4kak"},{"vulnerability":"VCID-tr94-2n3r-xubf"},{"vulnerability":"VCID-yckv-nta4-6udr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/spip@3.2.11-3%252Bdeb11u10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/195850?format=json","purl":"pkg:deb/debian/spip@3.2.11-3%2Bdeb11u10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gn6-s8fj-vqh5"},{"vulnerability":"VCID-2sva-brsa-5yhx"},{"vulnerability":"VCID-46vs-rj3j-83g5"},{"vulnerability":"VCID-55pk-782n-ykek"},{"vulnerability":"VCID-5dt2-7tt7-qbdx"},{"vulnerability":"VCID-a22b-psmb-uugx"},{"vulnerability":"VCID-c795-24cu-qyg6"},{"vulnerability":"VCID-d888-ccaz-quea"},{"vulnerability":"VCID-krfe-pwbj-ffeu"},{"vulnerability":"VCID-qhps-qvgv-nfen"},{"vulnerability":"VCID-qw55-mdmu-3kch"},{"vulnerability":"VCID-s213-4w8e-sbhj"},{"vulnerability":"VCID-str8-eeq8-bkge"},{"vulnerability":"VCID-tdua-ud9w-4kak"},{"vulnerability":"VCID-tr94-2n3r-xubf"},{"vulnerability":"VCID-yckv-nta4-6udr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/spip@3.2.11-3%252Bdeb11u10"},{"url":"http://public2.vulnerablecode.io/api/packages/129410?format=json","purl":"pkg:deb/debian/spip@3.2.12-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/spip@3.2.12-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129382?format=json","purl":"pkg:deb/debian/spip@4.4.13%2Bdfsg-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/spip@4.4.13%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129381?format=json","purl":"pkg:deb/debian/spip@4.4.15%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/spip@4.4.15%252Bdfsg-1%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60277?format=json","purl":"pkg:composer/spip/spip@4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16z2-fzww-83h6"},{"vulnerability":"VCID-5hjy-djqd-nqb1"},{"vulnerability":"VCID-9ge5-2njt-u3dz"},{"vulnerability":"VCID-c8qm-zhqh-z7he"},{"vulnerability":"VCID-f6vs-k7eh-33an"},{"vulnerability":"VCID-hj5x-ms6g-tqa1"},{"vulnerability":"VCID-pwee-955h-33ct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/spip/spip@4.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/512579?format=json","purl":"pkg:deb/debian/spip@2.1.17-1%2Bdeb7u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16z2-fzww-83h6"},{"vulnerability":"VCID-1rc7-3yur-qfes"},{"vulnerability":"VCID-2hb7-ps11-27ag"},{"vulnerability":"VCID-35f4-fsfs-2bcj"},{"vulnerability":"VCID-4vrg-fu2f-vbhc"},{"vulnerability":"VCID-5e4r-pkfs-gbf6"},{"vulnerability":"VCID-5hjy-djqd-nqb1"},{"vulnerability":"VCID-76z7-daxa-47dj"},{"vulnerability":"VCID-9ge5-2njt-u3dz"},{"vulnerability":"VCID-av9h-pb2t-hfcn"},{"vulnerability":"VCID-by88-axw6-qycj"},{"vulnerability":"VCID-bz14-hxqb-wyfq"},{"vulnerability":"VCID-c8qm-zhqh-z7he"},{"vulnerability":"VCID-czxk-92ud-nfg8"},{"vulnerability":"VCID-dbtn-9mse-vfhb"},{"vulnerability":"VCID-e5f6-rvh3-j3d5"},{"vulnerability":"VCID-ehf4-vky2-vbgn"},{"vulnerability":"VCID-etmk-f7bn-eyee"},{"vulnerability":"VCID-ezwj-91dq-yyhr"},{"vulnerability":"VCID-f1hb-34h9-5qf6"},{"vulnerability":"VCID-f5sz-8ybj-zkfp"},{"vulnerability":"VCID-f6vs-k7eh-33an"},{"vulnerability":"VCID-fk61-r5gc-zybh"},{"vulnerability":"VCID-hj5x-ms6g-tqa1"},{"vulnerability":"VCID-hrvd-j6ye-4qfp"},{"vulnerability":"VCID-j7f5-sz2n-f3dx"},{"vulnerability":"VCID-mzx8-p11m-6kez"},{"vulnerability":"VCID-pgtb-38pb-rua6"},{"vulnerability":"VCID-pry5-y4es-wueg"},{"vulnerability":"VCID-pwee-955h-33ct"},{"vulnerability":"VCID-q4dz-rqee-5bak"},{"vulnerability":"VCID-q4ys-8949-yuaj"},{"vulnerability":"VCID-qvmf-dzcc-8bhs"},{"vulnerability":"VCID-sfba-72md-rfhp"},{"vulnerability":"VCID-tc6m-8nry-aqfy"},{"vulnerability":"VCID-u6pt-c1tk-z3ce"},{"vulnerability":"VCID-u8kv-9kkz-r3g2"},{"vulnerability":"VCID-xqc3-2prb-gfb8"},{"vulnerability":"VCID-zpm8-94h8-pqcc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/spip@2.1.17-1%252Bdeb7u5"},{"url":"http://public2.vulnerablecode.io/api/packages/512580?format=json","purl":"pkg:deb/debian/spip@3.0.17-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16z2-fzww-83h6"},{"vulnerability":"VCID-1rc7-3yur-qfes"},{"vulnerability":"VCID-2hb7-ps11-27ag"},{"vulnerability":"VCID-35f4-fsfs-2bcj"},{"vulnerability":"VCID-4vrg-fu2f-vbhc"},{"vulnerability":"VCID-5e4r-pkfs-gbf6"},{"vulnerability":"VCID-5hjy-djqd-nqb1"},{"vulnerability":"VCID-76z7-daxa-47dj"},{"vulnerability":"VCID-9ge5-2njt-u3dz"},{"vulnerability":"VCID-av9h-pb2t-hfcn"},{"vulnerability":"VCID-by88-axw6-qycj"},{"vulnerability":"VCID-bz14-hxqb-wyfq"},{"vulnerability":"VCID-c8qm-zhqh-z7he"},{"vulnerability":"VCID-e5f6-rvh3-j3d5"},{"vulnerability":"VCID-ehf4-vky2-vbgn"},{"vulnerability":"VCID-etmk-f7bn-eyee"},{"vulnerability":"VCID-ezwj-91dq-yyhr"},{"vulnerability":"VCID-f5sz-8ybj-zkfp"},{"vulnerability":"VCID-f6vs-k7eh-33an"},{"vulnerability":"VCID-hj5x-ms6g-tqa1"},{"vulnerability":"VCID-hrvd-j6ye-4qfp"},{"vulnerability":"VCID-j7f5-sz2n-f3dx"},{"vulnerability":"VCID-mzx8-p11m-6kez"},{"vulnerability":"VCID-pgtb-38pb-rua6"},{"vulnerability":"VCID-pry5-y4es-wueg"},{"vulnerability":"VCID-pwee-955h-33ct"},{"vulnerability":"VCID-q4dz-rqee-5bak"},{"vulnerability":"VCID-q4ys-8949-yuaj"},{"vulnerability":"VCID-qvmf-dzcc-8bhs"},{"vulnerability":"VCID-sfba-72md-rfhp"},{"vulnerability":"VCID-tc6m-8nry-aqfy"},{"vulnerability":"VCID-u6pt-c1tk-z3ce"},{"vulnerability":"VCID-u8kv-9kkz-r3g2"},{"vulnerability":"VCID-zpm8-94h8-pqcc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/spip@3.0.17-2"},{"url":"http://public2.vulnerablecode.io/api/packages/512581?format=json","purl":"pkg:deb/debian/spip@3.0.17-2%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16z2-fzww-83h6"},{"vulnerability":"VCID-1rc7-3yur-qfes"},{"vulnerability":"VCID-2hb7-ps11-27ag"},{"vulnerability":"VCID-35f4-fsfs-2bcj"},{"vulnerability":"VCID-4vrg-fu2f-vbhc"},{"vulnerability":"VCID-5e4r-pkfs-gbf6"},{"vulnerability":"VCID-5hjy-djqd-nqb1"},{"vulnerability":"VCID-76z7-daxa-47dj"},{"vulnerability":"VCID-9ge5-2njt-u3dz"},{"vulnerability":"VCID-av9h-pb2t-hfcn"},{"vulnerability":"VCID-by88-axw6-qycj"},{"vulnerability":"VCID-bz14-hxqb-wyfq"},{"vulnerability":"VCID-c8qm-zhqh-z7he"},{"vulnerability":"VCID-e5f6-rvh3-j3d5"},{"vulnerability":"VCID-ehf4-vky2-vbgn"},{"vulnerability":"VCID-etmk-f7bn-eyee"},{"vulnerability":"VCID-ezwj-91dq-yyhr"},{"vulnerability":"VCID-f5sz-8ybj-zkfp"},{"vulnerability":"VCID-f6vs-k7eh-33an"},{"vulnerability":"VCID-hj5x-ms6g-tqa1"},{"vulnerability":"VCID-hrvd-j6ye-4qfp"},{"vulnerability":"VCID-j7f5-sz2n-f3dx"},{"vulnerability":"VCID-mzx8-p11m-6kez"},{"vulnerability":"VCID-pgtb-38pb-rua6"},{"vulnerability":"VCID-pry5-y4es-wueg"},{"vulnerability":"VCID-pwee-955h-33ct"},{"vulnerability":"VCID-q4dz-rqee-5bak"},{"vulnerability":"VCID-q4ys-8949-yuaj"},{"vulnerability":"VCID-qvmf-dzcc-8bhs"},{"vulnerability":"VCID-sfba-72md-rfhp"},{"vulnerability":"VCID-tc6m-8nry-aqfy"},{"vulnerability":"VCID-u6pt-c1tk-z3ce"},{"vulnerability":"VCID-u8kv-9kkz-r3g2"},{"vulnerability":"VCID-zpm8-94h8-pqcc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/spip@3.0.17-2%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/515645?format=json","purl":"pkg:deb/debian/spip@3.1.4-4~deb9u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16z2-fzww-83h6"},{"vulnerability":"VCID-2hb7-ps11-27ag"},{"vulnerability":"VCID-35f4-fsfs-2bcj"},{"vulnerability":"VCID-5e4r-pkfs-gbf6"},{"vulnerability":"VCID-5hjy-djqd-nqb1"},{"vulnerability":"VCID-76z7-daxa-47dj"},{"vulnerability":"VCID-9ge5-2njt-u3dz"},{"vulnerability":"VCID-av9h-pb2t-hfcn"},{"vulnerability":"VCID-by88-axw6-qycj"},{"vulnerability":"VCID-bz14-hxqb-wyfq"},{"vulnerability":"VCID-c8qm-zhqh-z7he"},{"vulnerability":"VCID-f6vs-k7eh-33an"},{"vulnerability":"VCID-hj5x-ms6g-tqa1"},{"vulnerability":"VCID-j7f5-sz2n-f3dx"},{"vulnerability":"VCID-pry5-y4es-wueg"},{"vulnerability":"VCID-pwee-955h-33ct"},{"vulnerability":"VCID-q4dz-rqee-5bak"},{"vulnerability":"VCID-q4ys-8949-yuaj"},{"vulnerability":"VCID-qvmf-dzcc-8bhs"},{"vulnerability":"VCID-sfba-72md-rfhp"},{"vulnerability":"VCID-u6pt-c1tk-z3ce"},{"vulnerability":"VCID-u8kv-9kkz-r3g2"},{"vulnerability":"VCID-zpm8-94h8-pqcc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/spip@3.1.4-4~deb9u3"},{"url":"http://public2.vulnerablecode.io/api/packages/516184?format=json","purl":"pkg:deb/debian/spip@3.2.4-1%2Bdeb10u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16z2-fzww-83h6"},{"vulnerability":"VCID-2hb7-ps11-27ag"},{"vulnerability":"VCID-35f4-fsfs-2bcj"},{"vulnerability":"VCID-5e4r-pkfs-gbf6"},{"vulnerability":"VCID-5hjy-djqd-nqb1"},{"vulnerability":"VCID-76z7-daxa-47dj"},{"vulnerability":"VCID-9ge5-2njt-u3dz"},{"vulnerability":"VCID-by88-axw6-qycj"},{"vulnerability":"VCID-bz14-hxqb-wyfq"},{"vulnerability":"VCID-c8qm-zhqh-z7he"},{"vulnerability":"VCID-f6vs-k7eh-33an"},{"vulnerability":"VCID-hj5x-ms6g-tqa1"},{"vulnerability":"VCID-j7f5-sz2n-f3dx"},{"vulnerability":"VCID-pry5-y4es-wueg"},{"vulnerability":"VCID-pwee-955h-33ct"},{"vulnerability":"VCID-q4dz-rqee-5bak"},{"vulnerability":"VCID-q4ys-8949-yuaj"},{"vulnerability":"VCID-u6pt-c1tk-z3ce"},{"vulnerability":"VCID-u8kv-9kkz-r3g2"},{"vulnerability":"VCID-zpm8-94h8-pqcc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/spip@3.2.4-1%252Bdeb10u9"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44123","reference_id":"","reference_type":"","scores":[{"value":"0.02517","scoring_system":"epss","scoring_elements":"0.85681","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02517","scoring_system":"epss","scoring_elements":"0.85703","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02517","scoring_system":"epss","scoring_elements":"0.85706","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02517","scoring_system":"epss","scoring_elements":"0.85702","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02517","scoring_system":"epss","scoring_elements":"0.85687","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02517","scoring_system":"epss","scoring_elements":"0.85701","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44123"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44118","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44118"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44120","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44120"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44123","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44123"},{"reference_url":"https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a","reference_id":"","reference_type":"","scores":[],"url":"https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44123","reference_id":"CVE-2021-44123","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44123"},{"reference_url":"https://usn.ubuntu.com/5482-1/","reference_id":"USN-5482-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5482-1/"},{"reference_url":"https://usn.ubuntu.com/5482-2/","reference_id":"USN-5482-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5482-2/"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":434,"name":"Unrestricted Upload of File with Dangerous Type","description":"The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":"0.5","weighted_severity":"0.0","risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pwee-955h-33ct"}