10 matches found
CVE-2026-27744
The SPIP tickets plugin versions prior to 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted request parameters into HTML that is later rendered by a template using unfiltered environment renderi...
EUVD-2026-8608
The SPIP tickets plugin versions prior to 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted request parameters into HTML that is later rendered by a template using unfiltered environment renderi...
CVE-2026-27744
The SPIP tickets plugin versions prior to 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted request parameters into HTML that is later rendered by a template using unfiltered environment renderi...
CVE-2026-27744
The SPIP tickets plugin versions prior to 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted request parameters into HTML that is later rendered by a template using unfiltered environment renderi...
CVE-2026-27744 SPIP tickets < 4.3.3 Unauthenticated RCE
The SPIP tickets plugin versions prior to 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted request parameters into HTML that is later rendered by a template using unfiltered environment renderi...
CVE-2026-27744
The SPIP tickets plugin versions prior to 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted request parameters into HTML that is later rendered by a template using unfiltered environment renderi...
CVE-2026-27744 SPIP tickets < 4.3.3 Unauthenticated RCE
The SPIP tickets plugin versions prior to 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted request parameters into HTML that is later rendered by a template using unfiltered environment renderi...
CVE-2026-27744
The CVE-2026-27744 entry concerns the SPIP tickets plugin (versions prior to 4.3.3) with an unauthenticated remote code execution in the forum preview handling for public ticket pages. The vulnerability arises from appending untrusted request parameters into HTML that is later rendered by a templ...
PT-2026-21859
Name of the Vulnerable Software and Affected Versions SPIP tickets plugin versions prior to 4.3.3 Description The SPIP tickets plugin is affected by a remote code execution issue. An unauthenticated attacker can execute code on the web server through crafted content injection. The plugin appends...
SPIP tickets 安全漏洞
SPIP tickets are an extension plugin provided by the SPIP company. Versions of SPIP tickets prior to 4.3.3 contained a security vulnerability. This vulnerability stemmed from the forum preview processing, which added untrusted request parameters to HTML, potentially allowing remote code execution...