31 matches found

Tenable Nessus
added 2026/05/25 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-48832

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability. CVE-2026-48832 Note that Nessus relies on the presence of the...

CVSS 3.5 | AI score 5.8 | EPSS 0.00028
Exploits: 0 | References: 3

CNNVD
added 2026/05/12 12:0 a.m. | 6 views

SPIP Code Injection Vulnerability

SPIP is an open-source software developed by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.14 had a code injection vulnerability, which was caused by remote code execution from private spaces, potentially allowing arbitrary code to be executed...

CVSS 8.8 | AI score 6.5 | EPSS 0.00222
Exploits: 0 | References: 1

Packet Storm
added 2026/03/12 12:0 a.m. | 150 views

SPIP CMS Analysis Scanner Script

This is an exploitation tool designed for websites running the SPIP CMS versions 5.4.0 through 5.11.0. The tool performs automated detection and enumeration of SPIP installations, identifies installed plugins, attempts to determine plugin versions, and searches for forms using the saisies plugin...

AI score 5.8
Exploits: 0

UbuntuCve
added 2026/02/26 9:28 p.m. | 2 views

CVE-2026-22206

SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote cod...

CVSS 8.8 | AI score 6.4 | EPSS 0.00224
Exploits: 0 | References: 4

Packet Storm News
added 2026/02/24 12:0 a.m. | 1 view

SPIP Ultimate Auditor – Comprehensive Security Assessment Script

SPIP Ultimate Auditor is a Python-based security assessment script designed to perform a multi-phase audit against a SPIP CMS installation. The tool automates reconnaissance and misconfiguration detection tasks to identify potential security weaknesses in a target deployment...

AI score 5.9
Exploits: 0

RedhatCVE
added 2026/02/20 7:40 p.m. | 4 views

CVE-2026-27473

SPIP before 4.4.9 allows Stored Cross-Site Scripting (XSS) via syndicated sites in the private area. The URLSYNDIC output is not properly sanitized on the private syndicated site page, allowing an attacker who can set a malicious syndication URL to inject persistent scripts that execute when other...

CVSS 6.4 | AI score 5.4 | EPSS 0.00071
Exploits: 0 | References: 1

UbuntuCve
added 2026/02/19 4:27 p.m. | 3 views

CVE-2025-71240

SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted content in HTML code tags. The application does not properly verify JavaScript within code tags, allowing an attacker to inject malicious scripts that execute in a victim's browser...

CVSS 5.4 | AI score 6 | EPSS 0.00042
Exploits: 0 | References: 4

Cvelist
added 2026/02/19 2:58 p.m. | 16 views

CVE-2025-71250

...

Exploits: 0

Tenable Nessus
added 2026/02/19 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-26223

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP before 4.4.8 allows cross-site scripting (XSS) in the private area via malicious iframe tags. The application does not properly sandbox or escape iframe...

CVSS 6.1 | AI score 5.8 | EPSS 0.00065
Exploits: 0 | References: 3

GithubExploit
added 2025/12/11 4:45 p.m. | 226 views

Exploit for CVE-2024-7954

Exploitation of Remote Code Execution Vulnerability CVE-2024-...

CVSS 9.8 | AI score 8.4 | EPSS 0.92991
Exploits: 10

GithubExploit
added 2025/08/01 11:14 a.m. | 441 views

Exploit for Reliance on File Name or Extension of Externally-Supplied File in Spip

PoC exploit for CVE-2024-8517, an unauthenticated Remote Code Ex...

CVSS 9.8 | AI score 9.7 | EPSS 0.93372
Exploits: 7

GithubExploit
added 2025/07/08 6:32 a.m. | 443 views

Exploit for CVE-2024-7954

CVE-2024-7954 - SPIP 4.2.8 Remote Command Execution RCE Expl...

CVSS 9.8 | AI score 10 | EPSS 0.92991
Exploits: 10

GithubExploit
added 2025/04/28 1:48 p.m. | 524 views

Exploit for Deserialization of Untrusted Data in Spip

SPIP CVE-2023-27372 Unauthenticated RCE Exploit Web Shell Upl...

CVSS 9.8 | AI score 8.2 | EPSS 0.9312
Exploits: 23

Tenable Nessus
added 2025/03/12 12:0 a.m. | 3 views

SPIP CMS < 4.1.16 / 4.2.x < 4.2.13 / 4.3.x < 4.3.0-alpha2 Remote Code Execution

The SPIP CMS versions prior to 4.1.16 or 4.2.x prior to 4.2.13 or 4.3.x prior to 4.3.0-alpha2 are vulnerable to an unauthenticated Remote Code Execution through the 'porteplume' plugin by sending a specially forged HTTP request. No source data...

CVSS 9.8 | AI score 8.1 | EPSS 0.92991
Exploits: 10 | References: 3

Tenable Nessus
added 2023/04/13 12:0 a.m. | 15 views

SPIP CMS < 3.2.18 / 4.0.x < 4.0.10 / 4.1.x < 4.1.8 / 4.2.x < 4.2.1 Object Injection RCE

The SPIP CMS is vulnerable to an unauthenticated Remote Code Execution via form values in the public area because serialization is mishandled. No source data...

CVSS 9.8 | AI score 10 | EPSS 0.9312
Exploits: 23 | References: 2

Tenable Nessus
added 2023/04/13 12:0 a.m. | 27 views

SPIP CMS < 3.2.12 / 4.0.x < 4.0.1 SQL Injection

The SPIP CMS installed on the remote host is affected by an unauthenticated SQL injection vulnerability due to improper sanitization of user-supplied input. A remote attacker can exploit this issue to manipulate SQL queries, resulting in the disclosure of sensitive information and modification of...

AI score 8
Exploits: 0 | References: 1

Tenable Nessus
added 2023/04/06 12:0 a.m. | 16 views

SPIP CMS 4.0.x < 4.0.5 Multiples Vulnerabilities

According to its self-reported version, the instance of SPIP CMS running on the remote web server is prior to 3.2.14 or 4.0.x prior to 4.0.5. It is, therefore, affected by multiple vulnerabilities: - A Remote Code Execution - Unauthenticated access to information about editorial objects. Note...

CVSS 8.8 | AI score 7.7 | EPSS 0.05798
Exploits: 0 | References: 3

Tenable Nessus
added 2023/04/06 12:0 a.m. | 27 views

SPIP CMS < 3.1.14 Multiples Vulnerabilities

According to its self-reported version, the instance of SPIP CMS running on the remote web server is prior to 3.1.14 or 3.2.x prior to 3.2.8. It is, therefore, affected by multiple vulnerabilities: - SQL injection vulnerabilities at /ecrire via the liertrad and where parameters - A PHP code...

CVSS 9.8 | AI score 8.8 | EPSS 0.02459
Exploits: 3 | References: 5

Tenable Nessus
added 2023/04/06 12:0 a.m. | 9 views

SPIP CMS 4.0.x < 4.0.1 Multiples Vulnerabilities

According to its self-reported version, the instance of SPIP CMS running on the remote web server is 4.0.x prior to 4.0.1. It is, therefore, affected by multiple vulnerabilities: - A Remote Code Execution through a malicious picture with a double extension - Multiple Cross-Site Request Forgery...

CVSS 8.8 | AI score 7.3 | EPSS 0.02517
Exploits: 0 | References: 5

Tenable Nessus
added 2023/04/06 12:0 a.m. | 14 views

SPIP CMS 4.1.x < 4.1.2 Remote Code Execution

According to its self-reported version, the instance of SPIP CMS running on the remote web server is prior to 3.2.16 or 4.0.x prior to 4.0.8 or 4.1.X prior to 4.1.5. It is, therefore, affected by a Remote Code Execution via the oups parameter. Note that the scanner has not tested for these issue...

CVSS 8.8 | AI score 8.1 | EPSS 0.062
Exploits: 1 | References: 2