16 matches found
CVE-2026-48832
action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability...
CVE-2026-22205
SPIP before 4.4.10 contains an authentication bypass caused by PHP type juggling in the login logic, enabling unauthenticated access to protected data. The issue stems from loose type comparisons in authentication (no credentials or user interaction required). CVSSv4 metrics indicate network acce...
SPIP 安全漏洞
SPIP is an open-source software for creating Internet websites. Versions of SPIP prior to 4.1.1 contained security vulnerabilities. These vulnerabilities stemmed from the pre-proprietary pipeline, which combined untrusted request parameters into HTML output, potentially allowing for reflection-ty...
CVE-2026-27474
SPIP before 4.4.9 allows Cross-Site Scripting XSS in the private area, complementing an incomplete fix from SPIP 4.4.8. The echappeantixss function was not systematically applied to input, form, button, and anchor a HTML tags, allowing an attacker to inject malicious scripts through these element...
Linux Distros Unpatched Vulnerability : CVE-2024-53619
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted P...
Linux Distros Unpatched Vulnerability : CVE-2022-26847
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects. CVE-2022-26847 Note that Nessus relies on the...
UBUNTU-CVE-2024-7954
The porteplume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request...
The vulnerability of the publishing module of the SPIP content management system allows attackers to execute cross-site scripting attacks (XSS).
The vulnerability of the SPIP content management system’s publishing module is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...
UBUNTU-CVE-2019-16392
SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages...
SPIP Cross-Footprint Vulnerability (CNVD-2016-13014)
SPIP is a free Web-based content publishing system. The system is primarily used for online collaboration. A cross-scripting vulnerability exists in the /ecrire/exec/infoplugin.php file in SPIP version 3.1.x. A remote attacker can inject arbitrary script or HTML with the help of a specially craft...
DEBIAN-CVE-2016-3154
The encodercontexteajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object...
SPIP < 2.0.9 Arbitrary Copy All Passwords to XML File Remote Exploit
No description provided by source. !/usr/bin/env python SPIP - Content Management System 2.0.9 exploit http://www.securityfocus.com/bid/36008 Author : KernelPanik import urllib, urllib2 import cookielib import sys def sendrequesturlOpener, url, postdata=None: request = urllib2.Requesturl url =...
SPIP < 2.0.9 Arbitrary Copy All Passwords to XML File Remote Exploit
No description provided by source. !/usr/bin/env python SPIP - Content Management System 2.0.9 exploit http://www.securityfocus.com/bid/36008 Author : KernelPanik import urllib, urllib2 import cookielib import sys def sendrequesturlOpener, url, postdata=None: request = urllib2.Requesturl url =...
SPIP 2.0.9 - Arbitrary Copy All Passwords to .XML File
SPIP 2.0.9 - Arbitrary Copy All Passwords to .XML File !/usr/bin/env python SPIP - Content Management System " exit filename = sys.argv2 baseurl = sys.argv1 cookiejar = cookielib.CookieJar urlOpener = urllib2.buildopenerurllib2.HTTPCookieProcessorcookiejar formulaire = sendrequesturlOpener,...
DEBIAN-CVE-2008-5812
Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors...
DEBIAN-CVE-2006-0519
SPIP 1.8.2-e and earlier and 1.9 Alpha 2 5539 and earlier allows remote attackers to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message...