50 matches found
CVE-2026-48832
action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability...
CVE-2026-48832
action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability...
CVE-2026-48832
action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability...
UBUNTU-CVE-2026-48832
action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability...
CVE-2026-48832
action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability...
EUVD-2026-31601
action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability...
CVE-2026-48832
action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability...
SPIP 输入验证错误漏洞
SPIP is an open-source software developed by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.15 had a vulnerability related to input validation errors, which stemmed from an open-redirecting vulnerability in the action/cookie.php file within ecrire...
Linux Distros Unpatched Vulnerability : CVE-2022-28961
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the liertrad and where parameters...
Linux Distros Unpatched Vulnerability : CVE-2021-44120
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP 4.0.0 is affected by a Cross Site Scripting XSS vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. An...
Linux Distros Unpatched Vulnerability : CVE-2022-28960
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the oups parameter at /ecrire. CVE-2022-28960 Note that...
Cross Site Scripting(XSS)
spip:sid is vulnerable to Cross Site ScriptingXSS. This vulnerability due to input fromrequest is not restricted to safe characters. It allow an attacker to change files in ecrire/public/assembler.php...
DEBIAN-CVE-2023-52322
ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from request is not restricted to safe characters such as alphanumerics...
Design/Logic Flaw
ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from request is not restricted to safe characters such as alphanumerics...
CVE-2023-52322
ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from request is not restricted to safe characters such as alphanumerics...
SQL Injection
Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the liertrad and where parameters...
SPIP SQL Injection Vulnerability
SPIP is a web-based content publishing system. A SQL injection vulnerability exists in SPIP version 3.1.13 and earlier, which stems from a lack of validation of external input SQL statements in the liertrad and where parameters of /ecrire. An attacker could use this vulnerability to execute illeg...
CVE-2022-28960
A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the oups parameter at /ecrire...
DEBIAN-CVE-2022-28960
A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the oups parameter at /ecrire...
CVE-2022-28961
Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the liertrad and where parameters...