It was discovered that SPIP, a website engine for publishing, would allow a malicious user to access protected information, and perform various SQL injection, Cross-Side Scripting (XSS), and Server-Side Request Forgery (SSRF) attacks. In some cases this could result in arbitrary code execution.
https://security-tracker.debian.org/tracker/DSA-6155-1
Continue reading...
https://security-tracker.debian.org/tracker/DSA-6155-1
Continue reading...

