PT-2022-19328

🗓️ 25 Nov 2020 00:00:00Reported by Positive TechnologiesType

SQL injection in Spip Framework up to v3.1.13 affects /ecrire via lier trad and where; update.

Reporter	Title	Published	Views	Family All 199
FreeBSD	typo3 -- XSS vulnerability in svg-sanitize	22 Feb 202200:00	–	freebsd
0day.today	SPIP Remote Command Execution Exploit	18 Apr 202300:00	–	zdt
0day.today	SPIP v4.2.0 - Remote Code Execution (Unauthenticated) Exploit	26 Jun 202300:00	–	zdt
0day.today	SPIP BigUp 4.3.1 / 4.2.15 / 4.1.17 Unauthenticated Remote Code Execution Exploit	14 Sep 202400:00	–	zdt
GithubExploit	Exploit for Deserialization of Untrusted Data in Spip	11 Jul 202310:00	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Spip	5 Jul 202314:41	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Spip	28 Apr 202513:48	–	githubexploit
GithubExploit	Exploit for Reliance on File Name or Extension of Externally-Supplied File in Spip	1 Aug 202511:14	–	githubexploit
GithubExploit	eCPPT-Penetration-Testing-Reports	3 Jun 202600:02	–	githubexploit
GithubExploit	Exploit for Reliance on File Name or Extension of Externally-Supplied File in Spip	6 Sep 202418:17	–	githubexploit

Source	Link
ubuntu	www.ubuntu.com/security/CVE-2023-24258
ubuntu	www.ubuntu.com/security/CVE-2022-37155
osv	www.osv.dev/vulnerability/USN-7318-1
thinkloveshare	www.thinkloveshare.com/en/hacking/rce_on_spip_and_root_me
github	www.github.com/0SPwn/CVE-2023-27372-PoC
ubuntu	www.ubuntu.com/security/CVE-2022-28960
ubuntu	www.ubuntu.com/security/notices/USN-7318-1
github	www.github.com/nuts7/CVE-2023-27372
blog	www.blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html
osv	www.osv.dev/vulnerability/CVE-2022-28961

06 Apr 2026 00:00Current

6.9Medium risk

Vulners AI Score6.9

CVSS 3.18.8 - 9.8

CVSS 26.5

EPSS0.93372

SSVC