Lucene search
K

1245 matches found

CNNVD
CNNVD
added 2026/03/22 12:0 a.m.11 views

SPIP 安全漏洞

SPIP is an open-source software developed by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.13 contained security vulnerabilities. These vulnerabilities were caused by improper handling of the author’s data structure by STATUT, which could lead to improper permission allocatio...

8.8CVSS5.8AI score0.00239EPSS
Exploits0References4
OSV
OSV
added 2026/03/22 12:0 a.m.3 views

DSA-6174-1 spip - security update

Bulletin has no description...

8.8CVSS5.7AI score0.00239EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/22 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-33549

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment of administrator privileges during the editing of an author data structure becau...

8.8CVSS5.8AI score0.00239EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/03/15 10:42 p.m.136 views

Exploit_SPIP_-CTF-

ExploitS...

5.8AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2026/03/13 7:6 p.m.14 views

Metasploit Wrap-Up 03/13/2026

No bad luck here: Friday the 13th brings new modules and a Metasploit Pro milestone This week’s Metasploit Framework release delivers three new modules across reconnaissance, evasion, and exploitation: LeakIX-powered discovery for exposed services and leaked data, a Linux x64 RC4 payload packer f...

9.8CVSS5.8AI score0.05126EPSS
Exploits5
Packet Storm
Packet Storm
added 2026/03/12 12:0 a.m.287 views

📄 SPIP CMS Analysis Scanner Script

This is an exploitation tool designed for websites running the SPIP CMS versions 5.4.0 through 5.11.0. The tool performs automated detection and enumeration of SPIP installations, identifies installed plugins, attempts to determine plugin versions, and searches for forms using the saisies plugin...

5.8AI score
Exploits0
CNVD
CNVD
added 2026/03/11 12:0 a.m.6 views

SPIP SQL Injection Vulnerability

SPIP is SPIP open source a free software for creating Internet sites. A SQL injection vulnerability exists in versions of SPIP prior to 4.4.10. The vulnerability stems from the application's lack of validation of externally entered SQL statements, which can be exploited by an attacker to achieve...

8.8CVSS6.4AI score0.00561EPSS
Exploits0References1
CNVD
CNVD
added 2026/03/11 12:0 a.m.3 views

SPIP interface_traduction_objets SQL Injection Vulnerability

SPIP interfacetraductionobjets is an extension plugin from SPIP. A SQL injection vulnerability exists in versions of SPIP interfacetraductionobjets prior to 2.2.2. The vulnerability stems from interfacetraductionobjetspipelines.php directly concatenating the idparent parameter to the SQL WHERE...

8.8CVSS6AI score0.00378EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/03/10 12:0 a.m.129 views

📄 SPIP Saisies 5.11.0 Remote Code Execution

This Metasploit module exploits an unauthenticated PHP code injection in the SPIP Saisies plugin. The anciennesvaleurs form parameter is interpolated unsanitized into a hidden field rendered with interdirescripts=false, allowing direct PHP code execution via template eval. Exploitation requires a...

9.8CVSS6.2AI score0.05126EPSS
Exploits5
Metasploit
Metasploit
added 2026/03/09 6:57 p.m.305 views

SPIP Saisies Plugin Unauthenticated RCE

This module exploits an unauthenticated PHP code injection in the SPIP Saisies plugin CVE-2025-71243. The anciennesvaleurs form parameter is interpolated unsanitized into a hidden field rendered with interdirescripts=false, allowing direct PHP code execution via template eval. Exploitation requir...

9.8CVSS6.2AI score0.05126EPSS
Exploits5
GithubExploit
GithubExploit
added 2026/03/07 12:14 a.m.225 views

Exploit for Deserialization of Untrusted Data in Spip

CVE-20...

9.8CVSS5.8AI score0.99637EPSS
Exploits23
Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.7 views

Debian dsa-6155 : spip - security update

The remote Debian 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6155 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6155-1 [email protected] https://www.debian.org/securit...

9.2CVSS6.2AI score0.00776EPSS
Exploits2References18
OpenVAS
OpenVAS
added 2026/03/04 12:0 a.m.6 views

Debian: Security Advisory (DSA-6155-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.2CVSS6AI score0.00776EPSS
Exploits2References2
Debian
Debian
added 2026/03/03 10:30 a.m.18 views

[SECURITY] [DSA 6155-1] spip security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6155-1 [email protected] https://www.debian.org/security/ Sebastien Delafond March 03, 2026 https://www.debian.org/security/faq -...

9.2CVSS6AI score0.00776EPSS
Exploits2
OSV
OSV
added 2026/03/03 12:0 a.m.9 views

DSA-6155-1 spip - security update

Bulletin has no description...

9.2CVSS5.7AI score0.00776EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/03/02 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-22205

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability caused by PHP type juggling that allows unauthenticated attackers to access protect...

8.7CVSS5.8AI score0.00468EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/01 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-22206

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low- privilege users to execute arbitrary SQL queries by...

8.8CVSS6.3AI score0.00561EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/28 1:54 a.m.8 views

CVE-2026-22205

SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability caused by PHP type juggling that allows unauthenticated attackers to access protected information. Attackers can exploit loose type comparisons in authentication logic to bypass login verification and retrieve sensitive...

8.7CVSS6AI score0.00468EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/28 1:54 a.m.5 views

CVE-2026-22206

SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote cod...

8.8CVSS6.8AI score0.00561EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/26 9:31 p.m.7 views

EUVD-2026-8884

SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote cod...

8.7CVSS7AI score0.00561EPSS
Exploits0References4
Rows per page
Query Builder