4 matches found
SQL Injection
Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the liertrad and where parameters...
UBUNTU-CVE-2022-28961
Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the liertrad and where parameters...
PT-2022-19327
Name of the Vulnerable Software and Affected Versions Spip versions prior to 3.2.8 Description A PHP injection issue allows attackers to execute arbitrary PHP code via the oups parameter at the "/ecrire" API endpoint. Recommendations For versions prior to 3.2.8, update to version 3.2.8 or later t...
PT-2022-19328
Name of the Vulnerable Software and Affected Versions Spip Web Framework versions v3.1.13 and earlier Description The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities are located at the "/ecrire" endpoint via the lier trad and where parameters. Recommendations For Spip...