Vulmon
spip spip vulnerabilities and exploits
6.1
CVSSv3
CVE-2024-23659
SPIP prior to 4.1.14 and 4.2.x prior to 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js.
Spip Spip
6.1
CVSSv3
CVE-2023-52322
ecrire/public/assembler.php in SPIP prior to 4.1.13 and 4.2.x prior to 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics.
Spip Spip
9.8
CVSSv3
CVE-2023-27372
SPIP prior to 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
Spip Spip 4.2.0
Spip Spip
Debian Debian Linux 11.0
1 EDB exploit
6 GitHub repositories
9.8
CVSSv3
CVE-2023-24258
SPIP v4.1.5 and earlier versions contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows malicious users to execute arbitrary code via a crafted POST request.
Spip Spip
8.8
CVSSv3
CVE-2022-37155
RCE in SPIP 3.1.13 up to and including 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter.
Spip Spip
6.1
CVSSv3
CVE-2022-28959
Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allow malicious users to execute arbitrary web scripts or HTML.
Spip Spip
8.8
CVSSv3
CVE-2022-28960
A PHP injection vulnerability in Spip before v3.2.8 allows malicious users to execute arbitrary PHP code via the _oups parameter at /ecrire.
Spip Spip
8.8
CVSSv3
CVE-2022-28961
Spip Web Framework v3.1.13 and below contains multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters.
Spip Spip
8.8
CVSSv3
CVE-2022-26846
SPIP prior to 3.2.14 and 4.x prior to 4.0.5 allows remote authenticated editors to execute arbitrary code.
Spip Spip
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
5.3
CVSSv3
CVE-2022-26847
SPIP prior to 3.2.14 and 4.x prior to 4.0.5 allows unauthenticated access to information about editorial objects.
Spip Spip
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0