
4 matches found

UbuntuCve
added 2026/02/19 7:22 p.m. · 4 views

CVE-2026-27472

SPIP before 4.4.9 allows Blind Server-Side Request Forgery (SSRF) via syndicated sites in the private area. When editing a syndicated site, the application does not verify that the syndication URL is a valid remote URL, allowing an authenticated attacker to make the server issue requests to arbitra...

CVSS 5.3 · AI score 6 · EPSS 0.00262
Exploits: 0 · References: 4
EUVD
added 2025/12/16 5:6 p.m. · 3 views

EUVD-2023-60190

Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering...

CVSS 8.8 · AI score 6.4 · EPSS 0.00265
Exploits: 1 · References: 4
Vulnrichment
added 2023/02/27 12:0 a.m. · 8 views

CVE-2023-24258

SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request...

AI score 10 · EPSS 0.01565
Exploits: 1 · References: 3
Positive Technologies
added 2021/12/22 12:0 a.m. · 4 views

PT-2022-11995 · Spip +2

Name of the Vulnerable Software and Affected Versions: SPIP version 4.0.0

Description: The issue concerns a Cross Site Scripting (XSS) vulnerability in the ecrire/public/interfaces.php file, specifically affecting the "Who are you" and "Website Name" fields. An editor can modify their personal...

CVSS 9.8 · AI score 6.6 · EPSS 0.02879
Exploits: 0 · References: 34