15 matches found
SPIP interface_traduction_objets SQL Injection Vulnerability
SPIP interfacetraductionobjets is an extension plugin from SPIP. A SQL injection vulnerability exists in versions of SPIP interfacetraductionobjets prior to 2.2.2. The vulnerability stems from interfacetraductionobjetspipelines.php directly concatenating the idparent parameter to the SQL WHERE...
CVE-2026-27743
The SPIP refererspam plugin versions prior to 1.3.0 contain an unauthenticated SQL injection vulnerability in the refererspamajouter and refererspamsupprimer action handlers. The handlers read the url parameter from a GET request and interpolate it directly into SQL LIKE clauses without input...
CVE-2026-27747
The SPIP interfacetraductionobjets plugin versions prior to 2.2.2 contain an authenticated SQL injection vulnerability in interfacetraductionobjetspipelines.php. When handling translation requests, the plugin reads the idparent parameter from user-supplied input and concatenates it directly into ...
CVE-2026-27747
The SPIP interfacetraductionobjets plugin versions prior to 2.2.2 contain an authenticated SQL injection vulnerability in interfacetraductionobjetspipelines.php. When handling translation requests, the plugin reads the idparent parameter from user-supplied input and concatenates it directly into ...
CVE-2026-27745
The SPIP interfacetraductionobjets plugin versions prior to 2.2.2 contain an authenticated remote code execution vulnerability in the translation interface workflow. The plugin incorporates untrusted request data into a hidden form field that is rendered without SPIP output filtering. Because...
CVE-2026-27747
The SPIP interfacetraductionobjets plugin versions prior to 2.2.2 contain an authenticated SQL injection vulnerability in interfacetraductionobjetspipelines.php. When handling translation requests, the plugin reads the idparent parameter from user-supplied input and concatenates it directly into ...
CVE-2026-27743
The SPIP refererspam plugin versions prior to 1.3.0 contain an unauthenticated SQL injection vulnerability in the refererspamajouter and refererspamsupprimer action handlers. The handlers read the url parameter from a GET request and interpolate it directly into SQL LIKE clauses without input...
CVE-2026-27743 SPIP referer_spam < 1.3.0 Unauthenticated SQL Injection
The SPIP refererspam plugin versions prior to 1.3.0 contain an unauthenticated SQL injection vulnerability in the refererspamajouter and refererspamsupprimer action handlers. The handlers read the url parameter from a GET request and interpolate it directly into SQL LIKE clauses without input...
CVE-2026-27743
The SPIP refererspam plugin versions prior to 1.3.0 contain an unauthenticated SQL injection vulnerability in the refererspamajouter and refererspamsupprimer action handlers. The handlers read the url parameter from a GET request and interpolate it directly into SQL LIKE clauses without input...
CVE-2026-27745 SPIP interface_traduction_objets < 2.2.2 Authenticated RCE
The SPIP interfacetraductionobjets plugin versions prior to 2.2.2 contain an authenticated remote code execution vulnerability in the translation interface workflow. The plugin incorporates untrusted request data into a hidden form field that is rendered without SPIP output filtering. Because...
CVE-2026-27745 SPIP interface_traduction_objets < 2.2.2 Authenticated RCE
The SPIP interfacetraductionobjets plugin versions prior to 2.2.2 contain an authenticated remote code execution vulnerability in the translation interface workflow. The plugin incorporates untrusted request data into a hidden form field that is rendered without SPIP output filtering. Because...
CVE-2026-27747 SPIP interface_traduction_objets < 2.2.2 Authenticated SQL Injection
The SPIP interfacetraductionobjets plugin versions prior to 2.2.2 contain an authenticated SQL injection vulnerability in interfacetraductionobjetspipelines.php. When handling translation requests, the plugin reads the idparent parameter from user-supplied input and concatenates it directly into ...
CVE-2026-27747
The SPIP interfacetraductionobjets plugin versions prior to 2.2.2 contain an authenticated SQL injection vulnerability in interfacetraductionobjetspipelines.php. When handling translation requests, the plugin reads the idparent parameter from user-supplied input and concatenates it directly into ...
SPIP interface_traduction_objets 安全漏洞
SPIP interfacetraductionobjets is an extension plugin from SPIP. A SQL injection vulnerability exists in versions of SPIP interfacetraductionobjets prior to 2.2.2. The vulnerability stems from interfacetraductionobjetspipelines.php directly concatenating the idparent parameter to the SQL WHERE...
Exploit for CVE-2024-7954
Description The porteplume plugin used by SPIP before 4.30-...