21 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-33549
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment of administrator privileges during the editing of an author data structure becau...
DEBIAN-CVE-2026-22206
SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote cod...
SPIP Security Vulnerability
SPIP is an open-source software created by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.10 contained security vulnerabilities. These vulnerabilities stemmed from PHP type conversion, which allowed unauthorized attackers to bypass authentication and access protected informati...
SPIP SQL Injection Vulnerability
SPIP is free, open-source software for creating Internet sites. A SQL injection vulnerability exists in versions of SPIP prior to 4.4.10. The vulnerability stems from the application's lack of validation of externally entered SQL statements, which can be exploited by an attacker to achieve...
SPIP Unauthenticated Remote Code Execution / Insecure Deserialization
A remote code execution vulnerability was identified in SPIP due to improper handling of user-supplied serialized data. The application fails to properly validate or restrict unsafe object deserialization, allowing an attacker to supply crafted input that triggers unintended object instantiation...
SPIP Security Vulnerability
SPIP is an open-source software created by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.9 contained a security vulnerability, which was caused by improper cleaning of URLSYNDIC outputs on private joint site pages. This vulnerability could lead to storage-side cross-site...
PT-2026-20913
Name of the Vulnerable Software and Affected Versions: SPIP versions prior to 4.4.9. Description: SPIP versions before 4.4.9 contain a Blind Server-Side Request Forgery (SSRF) issue related to syndicated sites within the private area. The application does not validate the syndication URL when editing ...
PT-2024-6564
Name of the Vulnerable Software and Affected Versions: SPIP versions prior to 4.30-alpha2, 4.2.13, and 4.1.16. Description: The porte plume plugin used by SPIP is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user...
DSA-5367-1 spip - security update
Bulletin has no description...
Remote Code Execution (RCE)
spip is vulnerable to remote code execution. The vulnerability exists due to a lack of validation allowing an attacker to execute maliciously crafted script in the system...
DEBIAN-CVE-2019-19830
core/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database...
DSA-4583-1 spip - security update
Bulletin has no description...
CVE-2013-4555
Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that logout the user via unspecified vectors...
CVE-2013-4557
The Security Screen core/securite/ecransecurite.php before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter...
UBUNTU-CVE-2013-4555
Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that logout the user via unspecified vectors...
CVE-2008-5813
SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information...
CVE-2007-4525
PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelettecache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party researchers, stating that the...
CVE-2006-1295
Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote attackers to inject arbitrary web script or HTML via the recherche parameter...
DEBIAN-CVE-2006-0518
Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 5539 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter...
CVE-2006-0517
Multiple SQL injection vulnerabilities in formulaires/inc-formulaireforum.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 5539 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) idforum, (2) idarticle, or (3) idbreve parameters to forum.php3; (4) unspecified vectors related...