CVE-2026-0748

A flaw was found in the Drupal 7 Internationalization i18n module, specifically within its i18nnode submodule. A user possessing both "Translate content" and "Administer content translations" permissions can exploit this vulnerability. By utilizing the translation user interface UI and its...

PT-2026-28309

Name of the Vulnerable Software and Affected Versions Drupal versions 7.x-1.0 through 7.x-1.35 Description The Internationalization i18n module’s i18n node submodule in Drupal allows a user possessing both “Translate content” and “Administer content translations” permissions to view and attach...

SPIP interface_traduction_objets SQL Injection Vulnerability

SPIP interfacetraductionobjets is an extension plugin from SPIP. A SQL injection vulnerability exists in versions of SPIP interfacetraductionobjets prior to 2.2.2. The vulnerability stems from interfacetraductionobjetspipelines.php directly concatenating the idparent parameter to the SQL WHERE...

CVE-2026-27745

The SPIP interfacetraductionobjets plugin versions prior to 2.2.2 contain an authenticated remote code execution vulnerability in the translation interface workflow. The plugin incorporates untrusted request data into a hidden form field that is rendered without SPIP output filtering. Because...

CVE-2026-27745

The SPIP interfacetraductionobjets plugin versions prior to 2.2.2 contain an authenticated remote code execution vulnerability in the translation interface workflow. The plugin incorporates untrusted request data into a hidden form field that is rendered without SPIP output filtering. Because...

CVE-2026-27747 SPIP interface_traduction_objets < 2.2.2 Authenticated SQL Injection

The SPIP interfacetraductionobjets plugin versions prior to 2.2.2 contain an authenticated SQL injection vulnerability in interfacetraductionobjetspipelines.php. When handling translation requests, the plugin reads the idparent parameter from user-supplied input and concatenates it directly into ...

CVE-2026-27747 SPIP interface_traduction_objets < 2.2.2 Authenticated SQL Injection

The SPIP interfacetraductionobjets plugin versions prior to 2.2.2 contain an authenticated SQL injection vulnerability in interfacetraductionobjetspipelines.php. When handling translation requests, the plugin reads the idparent parameter from user-supplied input and concatenates it directly into ...

SPIP interface_traduction_objets 安全漏洞

SPIP interfacetraductionobjets is an extension plugin developed by SPIP Inc. Versions of SPIP interfacetraductionobjets prior to 2.2.2 contained a security vulnerability. This vulnerability stemmed from the translation interface workflow merging untrusted request data into hidden form fields, whi...

SA-2008-068 - Localization client and Localization server - Cross site request forgery

The Localization client module allows you to translate the interface of your Drupal site from within each page as you go. The Localization server module provides a community translation interface for translating Drupal modules and themes and is primarily used by Drupal translation teams. The serv...