Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
spip spip vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2017-9736
SPIP 3.1.x prior to 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote malicious user to cause remote code execution.
Spip Spip 3.1.4
Spip Spip 3.1.5
Spip Spip 3.1.2
Spip Spip 3.1.3
Spip Spip 3.1.0
Spip Spip 3.2
Spip Spip 3.1.1
Spip Spip 3.2.0
10
CVSSv2
CVE-2012-4331
Multiple unspecified vulnerabilities in SPIP prior to 1.9.2.o, 2.0.x prior to 2.0.18, and 2.1.x prior to 2.1.13 have unknown impact and attack vectors that are not related to cross-site scripting (XSS), different vulnerabilities than CVE-2012-2151.
Spip Spip 1.9
Spip Spip 1.9.1
Spip Spip 1.9.2
Spip Spip 2.0
Spip Spip 2.1
4.3
CVSSv2
CVE-2012-2151
Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x prior to 1.9.2.o, 2.0.x prior to 2.0.18, and 2.1.x prior to 2.1.13 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Spip Spip 1.9
Spip Spip 1.9.1
Spip Spip 1.9.2
Spip Spip 2.0
Spip Spip 2.1
4.3
CVSSv2
CVE-2016-9997
SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL.
Spip Spip 3.1.0
Spip Spip 3.1.1
Spip Spip 3.1.2
Spip Spip 3.1.3
4.3
CVSSv2
CVE-2016-9998
SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL.
Spip Spip 3.1.1
Spip Spip 3.1.2
Spip Spip 3.1.0
Spip Spip 3.1.3
6.4
CVSSv2
CVE-2006-0625
Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and previous versions allows remote malicious users to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resulta...
Spip Spip 1.8.2d
Spip Spip 1.8.2e
Spip Spip 1.8.2g
1 EDB exploit
4.3
CVSSv2
CVE-2006-1295
Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote malicious users to inject arbitrary web script or HTML via the recherche parameter.
Spip Spip 1.8.2g
Spip Spip 1.8.2e
NA
CVE-2023-27372
SPIP prior to 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
Spip Spip 4.2.0
Spip Spip
Debian Debian Linux 11.0
1 EDB exploit
6 Github repositories
7.5
CVSSv2
CVE-2006-0517
Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and previous versions and 1.9 Alpha 2 (5539) and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) id_forum, (2) id_article, or (3) id_breve ...
Spip Spip
4.3
CVSSv2
CVE-2017-15736
Cross-site scripting (XSS) vulnerability (stored) in SPIP prior to 3.1.7 allows remote malicious users to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php.
Spip Spip
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »