Lucene search
K

16 matches found

Vulnrichment
Vulnrichment
added 2026/05/24 10:36 p.m.9 views

CVE-2026-48832

action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability...

3.5CVSS5.8AI score0.00186EPSS
Exploits0References3
CVE
CVE
added 2026/02/26 8:18 p.m.28 views

CVE-2026-22205

SPIP before 4.4.10 contains an authentication bypass caused by PHP type juggling in the login logic, enabling unauthenticated access to protected data. The issue stems from loose type comparisons in authentication (no credentials or user interaction required). CVSSv4 metrics indicate network acce...

8.7CVSS5.5AI score0.00468EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.12 views

SPIP 安全漏洞

SPIP is an open-source software for creating Internet websites. Versions of SPIP prior to 4.1.1 contained security vulnerabilities. These vulnerabilities stemmed from the pre-proprietary pipeline, which combined untrusted request parameters into HTML output, potentially allowing for reflection-ty...

6.1CVSS5.7AI score0.00201EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/19 6:38 p.m.3 views

CVE-2026-27474

SPIP before 4.4.9 allows Cross-Site Scripting XSS in the private area, complementing an incomplete fix from SPIP 4.4.8. The echappeantixss function was not systematically applied to input, form, button, and anchor a HTML tags, allowing an attacker to inject malicious scripts through these element...

5.4CVSS5.6AI score0.00264EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2024-53619

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted P...

6.3CVSS6AI score0.00545EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2022-26847

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects. CVE-2022-26847 Note that Nessus relies on the...

5.3CVSS6.1AI score0.01299EPSS
Exploits0References2
OSV
OSV
added 2024/08/23 6:15 p.m.5 views

UBUNTU-CVE-2024-7954

The porteplume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request...

9.8CVSS6.5AI score0.89947EPSS
Exploits10References5
BDU FSTEC
BDU FSTEC
added 2022/06/29 12:0 a.m.6 views

The vulnerability of the publishing module of the SPIP content management system allows attackers to execute cross-site scripting attacks (XSS).

The vulnerability of the SPIP content management system’s publishing module is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...

7.5CVSS5.2AI score
Exploits0References4Affected Software2
OSV
OSV
added 2019/09/17 9:15 p.m.3 views

UBUNTU-CVE-2019-16392

SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages...

6.1CVSS6.9AI score0.0116EPSS
Exploits0References5
CNVD
CNVD
added 2016/12/20 12:0 a.m.3 views

SPIP Cross-Footprint Vulnerability (CNVD-2016-13014)

SPIP is a free Web-based content publishing system. The system is primarily used for online collaboration. A cross-scripting vulnerability exists in the /ecrire/exec/infoplugin.php file in SPIP version 3.1.x. A remote attacker can inject arbitrary script or HTML with the help of a specially craft...

6.1CVSS6.8AI score0.00933EPSS
Exploits0References1
OSV
OSV
added 2016/04/08 2:59 p.m.3 views

DEBIAN-CVE-2016-3154

The encodercontexteajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object...

9.8CVSS8AI score0.01835EPSS
Exploits0References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

SPIP < 2.0.9 Arbitrary Copy All Passwords to XML File Remote Exploit

No description provided by source. !/usr/bin/env python SPIP - Content Management System 2.0.9 exploit http://www.securityfocus.com/bid/36008 Author : KernelPanik import urllib, urllib2 import cookielib import sys def sendrequesturlOpener, url, postdata=None: request = urllib2.Requesturl url =...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2009/08/18 12:0 a.m.17 views

SPIP &lt; 2.0.9 Arbitrary Copy All Passwords to XML File Remote Exploit

No description provided by source. !/usr/bin/env python SPIP - Content Management System 2.0.9 exploit http://www.securityfocus.com/bid/36008 Author : KernelPanik import urllib, urllib2 import cookielib import sys def sendrequesturlOpener, url, postdata=None: request = urllib2.Requesturl url =...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2009/08/18 12:0 a.m.26 views

SPIP 2.0.9 - Arbitrary Copy All Passwords to .XML File

SPIP 2.0.9 - Arbitrary Copy All Passwords to .XML File !/usr/bin/env python SPIP - Content Management System " exit filename = sys.argv2 baseurl = sys.argv1 cookiejar = cookielib.CookieJar urlOpener = urllib2.buildopenerurllib2.HTTPCookieProcessorcookiejar formulaire = sendrequesturlOpener,...

0.7AI score
Exploits0
OSV
OSV
added 2009/01/02 6:11 p.m.4 views

DEBIAN-CVE-2008-5812

Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors...

10CVSS7.1AI score0.01528EPSS
Exploits0References1
OSV
OSV
added 2006/02/02 11:2 a.m.4 views

DEBIAN-CVE-2006-0519

SPIP 1.8.2-e and earlier and 1.9 Alpha 2 5539 and earlier allows remote attackers to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message...

5CVSS6.3AI score0.02106EPSS
Exploits0References1
Rows per page
Query Builder