4 matches found
CVE-2013-4557
The Security Screen core/securite/ecransecurite.php before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter...
CVE-2013-4556
Cross-site scripting XSS vulnerability in the author page prive/formulaires/editerauteur.php in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the urlsite parameter...
DEBIAN-CVE-2013-4557
The Security Screen core/securite/ecransecurite.php before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter...
UBUNTU-CVE-2013-2118
SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and "take editorial control" via vectors related to ecrire/inc/filtres.php...