DEBIAN-CVE-2023-24258

SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request...

UBUNTU-CVE-2023-24258

SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request...

DEBIAN-CVE-2022-37155

RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the oups parameter...

SPIP 代码注入漏洞

SPIP is a Web-based content publishing system used primarily for online collaboration. A remote code execution vulnerability exists in versions of SPIP prior to 3.2.8, which are primarily used for online collaboration. The vulnerability stems from the oups parameter of /ecrire not properly...

PT-2022-19327

Name of the Vulnerable Software and Affected Versions Spip versions prior to 3.2.8 Description A PHP injection issue allows attackers to execute arbitrary PHP code via the oups parameter at the "/ecrire" API endpoint. Recommendations For versions prior to 3.2.8, update to version 3.2.8 or later t...