SPIP interface_traduction_objets 安全漏洞

SPIP interfacetraductionobjets is an extension plugin from SPIP. A SQL injection vulnerability exists in versions of SPIP interfacetraductionobjets prior to 2.2.2. The vulnerability stems from interfacetraductionobjetspipelines.php directly concatenating the idparent parameter to the SQL WHERE...

PT-2026-21860

Name of the Vulnerable Software and Affected Versions SPIP interface traduction objets plugin versions prior to 2.2.2 SPIP interface traduction objets plugin versions 2.2.2 through 4.3.3 Description The SPIP interface traduction objets plugin contains an authenticated remote code execution issue ...

PT-2026-21862

The SPIP interface traduction objets plugin versions prior to 4.3.3 contain an authenticated SQL injection vulnerability in interface traduction objets pipelines.php. When handling translation requests, the plugin reads the id parent parameter from user-supplied input and concatenates it directly...