CVE-2025-71242
SPIP exposes an Authorization Bypass in private content disclosure for versions prior to 4.3.6, including 4.2.17 and 4.1.20. The flaw occurs when SPIP displays article and rubrique content in AJAX-loaded fragments without proper authorization checks, enabling an authenticated attacker to access r...