CVE-2025-71250
SPIP before 4.4.9 is affected by an Insecure Deserialization via the table_valeur filter and the DATA iterator, which accept serialized data. An attacker with prior access or another vulnerability can trigger arbitrary object instantiation and potentially code execution. The use of serialized dat...