95 matches found
CVE-2016-3153
SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrerentites function...
CVE-2016-3153
SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrerentites function...
CVE-2016-3153
SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrerentites function...
UBUNTU-CVE-2016-3154
The encodercontexteajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object...
SPIP code injection vulnerability (CNVD-2016-01731)
SPIP is a free Web-based content publishing system. The system is primarily used for online collaboration. A code injection vulnerability exists in SPIP. An attacker can exploit this vulnerability to inject arbitrary PHP code by performing an add content operation...
CVE-2013-4556
Cross-site scripting XSS vulnerability in the author page prive/formulaires/editerauteur.php in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the urlsite parameter...
CVE-2013-2118
SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and "take editorial control" via vectors related to ecrire/inc/filtres.php...
EUVD-2013-2087
SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and "take editorial control" via vectors related to ecrire/inc/filtres.php...
DEBIAN-CVE-2008-5813
SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information...
DEBIAN-CVE-2007-4525
PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelettecache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party researchers, stating that the...
CVE-2007-4525
PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelettecache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party researchers, stating that the...
CVE-2006-1702
PHP remote file inclusion vulnerability in spiplogin.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter...
CVE-2006-0625
Directory traversal vulnerability in SpipRSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALStypeurls parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file...
CVE-2006-0519
SPIP 1.8.2-e and earlier and 1.9 Alpha 2 5539 and earlier allows remote attackers to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message...
CVE-2005-4494
Cross-site scripting XSS vulnerability in SPIP 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to 1 spiplogin.php3 and 2 spippass.php3...