5 matches found
CVE-2026-27745
The SPIP interfacetraductionobjets plugin versions prior to 2.2.2 contain an authenticated remote code execution vulnerability in the translation interface workflow. The plugin incorporates untrusted request data into a hidden form field that is rendered without SPIP output filtering. Because...
CVE-2026-27745
The SPIP interfacetraductionobjets plugin versions prior to 2.2.2 contain an authenticated remote code execution vulnerability in the translation interface workflow. The plugin incorporates untrusted request data into a hidden form field that is rendered without SPIP output filtering. Because...
CVE-2026-27745 SPIP interface_traduction_objets < 2.2.2 Authenticated RCE
The SPIP interfacetraductionobjets plugin versions prior to 2.2.2 contain an authenticated remote code execution vulnerability in the translation interface workflow. The plugin incorporates untrusted request data into a hidden form field that is rendered without SPIP output filtering. Because...
CVE-2026-27745 SPIP interface_traduction_objets < 2.2.2 Authenticated RCE
The SPIP interfacetraductionobjets plugin versions prior to 2.2.2 contain an authenticated remote code execution vulnerability in the translation interface workflow. The plugin incorporates untrusted request data into a hidden form field that is rendered without SPIP output filtering. Because...
CVE-2026-27745
The CVE-2026-27745 entry concerns the SPIP plugin interface_traduction_objets, affected when using versions prior to 4.3.3. An authenticated attacker with editor-level privileges can exploit an authenticated RCE vulnerability by injecting crafted content into a hidden form field populated with un...