Vulnerability DatabaseCVE-2021-44123

CVE-2021-44123:
Linux Debian vulnerability analysis and mitigation

Overview

SPIP 4.0.0 was affected by a remote command execution vulnerability identified as CVE-2021-44123. The vulnerability was discovered and disclosed in January 2022, affecting the SPIP content management system (NVD).

Technical details

The vulnerability allowed remote command execution through crafted malicious picture files. This security flaw was one of several vulnerabilities discovered by researchers Charles Fol and Théo Gordyjan, which included Cross Site Scripting (XSS) issues that could potentially lead to code execution (Ubuntu Security).

Impact

If successfully exploited, the vulnerability could allow attackers to execute arbitrary code on the affected systems. The issue was particularly concerning as it affected multiple versions of the SPIP content management system and could lead to complete system compromise (Ubuntu Security).

Mitigation and workarounds

The vulnerability was addressed in subsequent updates to SPIP. Ubuntu users were advised to update their systems to specific package versions: Ubuntu 21.10 users to spip version 3.2.11-3+deb11u3build0.21.10.1, and Ubuntu 20.04 users to spip version 3.2.7-1ubuntu0.1 (Ubuntu Security, Ubuntu Security).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

8.8

Score

Published January 26, 2022

Severity HIGH

CNA Score N/A

Affected Technologies

Linux Debian
Linux Ubuntu

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 82

Exploitation Probability (EPSS) 1.7

Affected packages and libraries

spip

Sources

NVD
Debian Security Tracker
- Debian 9, 10, 11 Severity HIGHHas FixAdded at: Feb 01, 2022
- Debian 13 Severity HIGHHas FixAdded at: Jun 11, 2023
- Debian 14 Severity HIGHHas FixAdded at: Aug 10, 2025
Echo
- Echo Severity HIGHHas FixAdded at: Nov 18, 2025
Ubuntu Security Tracker
- Ubuntu 16.04 Severity MEDIUMNo FixAdded at: Nov 13, 2023
- Ubuntu 18.04, 20.04 Severity MEDIUMHas FixAdded at: Jan 27, 2022
- Ubuntu 21.10 Severity MEDIUMHas FixAdded at: Nov 01, 2022

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related Linux Debian vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-23745	HIGH	8.2	JavaScript	argo-workflows-fips-3.6	No	Yes	Jan 16, 2026
CVE-2026-23535	HIGH	8	Python	wlc	No	Yes	Jan 16, 2026
CVE-2026-23490	HIGH	7.5	Python	pyasn1	No	Yes	Jan 16, 2026
CVE-2026-23643	MEDIUM	5.4	CakePHP	cakephp	No	Yes	Jan 16, 2026
CVE-2025-61873	LOW	2.6	Linux Debian	request-tracker4	No	Yes	Jan 16, 2026