4 matches found
CVE-2026-27475
SPIP before 4.4.9 allows Insecure Deserialization in the public area through the tablevaleur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content a pre-condition requiring prior access or another vulnerability can trigger arbitrary...
CVE-2026-27475
Summary: SPIP up to 4.4.8 is affected by an insecure deserialization vulnerability in the public area via the table_valeur filter and the DATA iterator, which accept serialized data. The underlying issue is deserialization of untrusted content, allowing an attacker who has prior access (or anothe...
CVE-2026-27475 SPIP < 4.4.9 Insecure Deserialization
SPIP before 4.4.9 allows Insecure Deserialization in the public area through the tablevaleur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content a pre-condition requiring prior access or another vulnerability can trigger arbitrary...
PT-2026-20848
Name of the Vulnerable Software and Affected Versions SPIP versions prior to 4.4.9 Description SPIP versions prior to 4.4.9 contain an insecure deserialization flaw. This issue affects the public area through the table valeur filter and the DATA iterator, which accept serialized data. An attacker...