Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
spip spip 3.2 vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2017-9736
SPIP 3.1.x prior to 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote malicious user to cause remote code execution.
Spip Spip 3.1.4
Spip Spip 3.1.5
Spip Spip 3.1.2
Spip Spip 3.1.3
Spip Spip 3.1.0
Spip Spip 3.2
Spip Spip 3.1.1
Spip Spip 3.2.0
578
VMScore
CVE-2019-11071
SPIP 3.1 prior to 3.1.10 and 3.2 prior to 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled.
Spip Spip
Debian Debian Linux 9.0
516
VMScore
CVE-2019-16393
SPIP prior to 3.1.11 and 3.2 prior to 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character.
Spip Spip
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
446
VMScore
CVE-2019-16394
SPIP prior to 3.1.11 and 3.2 prior to 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help malicious users to enumerate subscribers.
Spip Spip
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
383
VMScore
CVE-2019-16392
SPIP prior to 3.1.11 and 3.2 prior to 3.2.5 allows prive/formulaires/login.php XSS via error messages.
Spip Spip
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
356
VMScore
CVE-2019-19830
_core_/plugins/medias in SPIP 3.2.x prior to 3.2.7 allows remote authenticated authors to inject content into the database.
Spip Spip
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
356
VMScore
CVE-2019-16391
SPIP prior to 3.1.11 and 3.2 prior to 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php.
Spip Spip
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started