1245 matches found
SPIP 安全漏洞
SPIP is an open-source software developed by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.13 contained security vulnerabilities. These vulnerabilities were caused by improper handling of the author’s data structure by STATUT, which could lead to improper permission allocatio...
DSA-6174-1 spip - security update
Bulletin has no description...
Linux Distros Unpatched Vulnerability : CVE-2026-33549
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment of administrator privileges during the editing of an author data structure becau...
Exploit_SPIP_-CTF-
ExploitS...
Metasploit Wrap-Up 03/13/2026
No bad luck here: Friday the 13th brings new modules and a Metasploit Pro milestone This week’s Metasploit Framework release delivers three new modules across reconnaissance, evasion, and exploitation: LeakIX-powered discovery for exposed services and leaked data, a Linux x64 RC4 payload packer f...
📄 SPIP CMS Analysis Scanner Script
This is an exploitation tool designed for websites running the SPIP CMS versions 5.4.0 through 5.11.0. The tool performs automated detection and enumeration of SPIP installations, identifies installed plugins, attempts to determine plugin versions, and searches for forms using the saisies plugin...
SPIP SQL Injection Vulnerability
SPIP is SPIP open source a free software for creating Internet sites. A SQL injection vulnerability exists in versions of SPIP prior to 4.4.10. The vulnerability stems from the application's lack of validation of externally entered SQL statements, which can be exploited by an attacker to achieve...
SPIP interface_traduction_objets SQL Injection Vulnerability
SPIP interfacetraductionobjets is an extension plugin from SPIP. A SQL injection vulnerability exists in versions of SPIP interfacetraductionobjets prior to 2.2.2. The vulnerability stems from interfacetraductionobjetspipelines.php directly concatenating the idparent parameter to the SQL WHERE...
📄 SPIP Saisies 5.11.0 Remote Code Execution
This Metasploit module exploits an unauthenticated PHP code injection in the SPIP Saisies plugin. The anciennesvaleurs form parameter is interpolated unsanitized into a hidden field rendered with interdirescripts=false, allowing direct PHP code execution via template eval. Exploitation requires a...
SPIP Saisies Plugin Unauthenticated RCE
This module exploits an unauthenticated PHP code injection in the SPIP Saisies plugin CVE-2025-71243. The anciennesvaleurs form parameter is interpolated unsanitized into a hidden field rendered with interdirescripts=false, allowing direct PHP code execution via template eval. Exploitation requir...
Exploit for Deserialization of Untrusted Data in Spip
CVE-20...
Debian dsa-6155 : spip - security update
The remote Debian 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6155 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6155-1 [email protected] https://www.debian.org/securit...
Debian: Security Advisory (DSA-6155-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 6155-1] spip security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6155-1 [email protected] https://www.debian.org/security/ Sebastien Delafond March 03, 2026 https://www.debian.org/security/faq -...
DSA-6155-1 spip - security update
Bulletin has no description...
Linux Distros Unpatched Vulnerability : CVE-2026-22205
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability caused by PHP type juggling that allows unauthenticated attackers to access protect...
Linux Distros Unpatched Vulnerability : CVE-2026-22206
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low- privilege users to execute arbitrary SQL queries by...
CVE-2026-22205
SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability caused by PHP type juggling that allows unauthenticated attackers to access protected information. Attackers can exploit loose type comparisons in authentication logic to bypass login verification and retrieve sensitive...
CVE-2026-22206
SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote cod...
EUVD-2026-8884
SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote cod...