37 matches found
CVE-2024-33722
SOPlanning 1.52.00 is vulnerable to SQL Injection by an authenticated user via projets.php with statut...
EUVD-2024-31432
SOPlanning 1.52.00 is vulnerable to SQL Injection by an authenticated user via projets.php with statut...
CVE-2024-33722
SOPlanning 1.52.00 is vulnerable to SQL Injection by an authenticated user via projets.php with statut...
CVE-2024-33722
SOPlanning 1.52.00 is vulnerable to SQL Injection by an authenticated user via projets.php with statut...
CVE-2024-33722
SOPlanning 1.52.00 is affected by an authenticated SQL Injection in the projets.php page (statut[] parameter). The CVE-2024-33722 entry shows a MEDIUM severity (CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) with an authenticated, low-privilege actor able to induce database queries via a crafted ...
CVE-2024-33722
SOPlanning 1.52.00 is vulnerable to SQL Injection by an authenticated user via projets.php with statut...
CVE-2024-33722
SOPlanning 1.52.00 is vulnerable to SQL Injection by an authenticated user via projets.php with statut...
CVE-2026-33549
SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment of administrator privileges during the editing of an author data structure because of STATUT mishandling...
EUVD-2026-14268
SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment of administrator privileges during the editing of an author data structure because of STATUT mishandling...
DEBIAN-CVE-2026-33549
SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment of administrator privileges during the editing of an author data structure because of STATUT mishandling...
CVE-2026-33549
SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment of administrator privileges during the editing of an author data structure because of STATUT mishandling...
UBUNTU-CVE-2026-33549
SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment of administrator privileges during the editing of an author data structure because of STATUT mishandling...
CVE-2026-33549
SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment of administrator privileges during the editing of an author data structure because of STATUT mishandling...
CVE-2026-33549
SPIP 4.4.10–4.4.12 contains a vulnerability where STATUT mishandling during editing an author data structure allows unintended administrator privilege assignment. Affected versions: SPIP 4.4.10 through 4.4.12 prior to 4.4.13. Impact is employee-level or higher privilege escalation (administrator ...
CVE-2026-33549
SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment of administrator privileges during the editing of an author data structure because of STATUT mishandling...
CVE-2026-33549
SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment of administrator privileges during the editing of an author data structure because of STATUT mishandling...
CVE-2026-33549
SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment of administrator privileges during the editing of an author data structure because of STATUT mishandling...
CVE-2026-33549
SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment of administrator privileges during the editing of an author data structure because of STATUT mishandling...
PT-2026-26961
SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment of administrator privileges during the editing of an author data structure because of STATUT mishandling...
SPIP 安全漏洞
SPIP is an open-source software developed by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.13 contained security vulnerabilities. These vulnerabilities were caused by improper handling of the author’s data structure by STATUT, which could lead to improper permission allocatio...