SPIP is a Web-based content publishing system used primarily for online collaboration. A remote code execution vulnerability exists in versions of SPIP prior to 3.2.8, which are primarily used for online collaboration. The vulnerability stems from the _oups parameter of /ecrire not properly filtering the special elements of the constructed snippet. An attacker could exploit this vulnerability to cause arbitrary PHP code execution.