PT-2026-40348

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability to achieve code execution that bypasses the SPIP security screen protections...

CVE-2026-33549

SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment of administrator privileges during the editing of an author data structure because of STATUT mishandling...

CVE-2026-33549

SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment of administrator privileges during the editing of an author data structure because of STATUT mishandling...

CVE-2026-27472

SPIP before 4.4.9 allows Blind Server-Side Request Forgery SSRF via syndicated sites in the private area. When editing a syndicated site, the application does not verify that the syndication URL is a valid remote URL, allowing an authenticated attacker to make the server issue requests to arbitra...

PT-2026-20854

Name of the Vulnerable Software and Affected Versions SPIP versions prior to 4.4.8 Description SPIP before version 4.4.8 contains a Cross-Site Scripting XSS issue in the public area due to insufficient detection of malicious content by the echapper html suspect function. This allows an attacker t...

CVE-2023-53900

Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering...

DEBIAN-CVE-2023-53900

Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering...

EUVD-2023-60190

Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering...

EUVD-2009-3025

Malware in sbrugna...

EUVD-2006-0633

Malware in sbrugna...

EUVD-2023-28315

Malicious code in bioql PyPI...

EUVD-2021-30974

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2016-7998

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a...

Linux Distros Unpatched Vulnerability : CVE-2019-16393

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character. CVE-2019-16393 Note that Nessus...

CVE-2024-23659

SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js...

CVE-2024-53619

An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file...

CVE-2023-24258

SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request...

CVE-2021-44122

SPIP 4.0.0 is affected by a Cross Site Request Forgery CSRF vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire.php. To exploit the vulnerability, a visitor must visit a malicious website which redirects to the SPIP website. It is also possible to...

PT-2024-35795 · Spip · Spip

Name of the Vulnerable Software and Affected Versions: SPIP version 4.3.3 Description: A cross-site scripting XSS vulnerability in the Article module of SPIP allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter. This...

CVE-2023-24258

SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request...