Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
spip spip vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-9736
SPIP 3.1.x prior to 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote malicious user to cause remote code execution.
Spip Spip 3.1.4
Spip Spip 3.1.5
Spip Spip 3.1.2
Spip Spip 3.1.3
Spip Spip 3.1.0
Spip Spip 3.2
Spip Spip 3.1.1
Spip Spip 3.2.0
NA
CVE-2012-2151
Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x prior to 1.9.2.o, 2.0.x prior to 2.0.18, and 2.1.x prior to 2.1.13 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Spip Spip 1.9
Spip Spip 1.9.1
Spip Spip 1.9.2
Spip Spip 2.0
Spip Spip 2.1
NA
CVE-2012-4331
Multiple unspecified vulnerabilities in SPIP prior to 1.9.2.o, 2.0.x prior to 2.0.18, and 2.1.x prior to 2.1.13 have unknown impact and attack vectors that are not related to cross-site scripting (XSS), different vulnerabilities than CVE-2012-2151.
Spip Spip 1.9
Spip Spip 1.9.1
Spip Spip 1.9.2
Spip Spip 2.0
Spip Spip 2.1
6.1
CVSSv3
CVE-2016-9997
SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL.
Spip Spip 3.1.0
Spip Spip 3.1.1
Spip Spip 3.1.2
Spip Spip 3.1.3
6.1
CVSSv3
CVE-2016-9998
SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL.
Spip Spip 3.1.1
Spip Spip 3.1.2
Spip Spip 3.1.0
Spip Spip 3.1.3
NA
CVE-2006-0625
Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and previous versions allows remote malicious users to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resulta...
Spip Spip 1.8.2d
Spip Spip 1.8.2e
Spip Spip 1.8.2g
1 EDB exploit
NA
CVE-2006-1295
Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote malicious users to inject arbitrary web script or HTML via the recherche parameter.
Spip Spip 1.8.2g
Spip Spip 1.8.2e
9.8
CVSSv3
CVE-2023-27372
SPIP prior to 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
Spip Spip 4.2.0
Spip Spip
Debian Debian Linux 11.0
1 EDB exploit
6 Github repositories
6.1
CVSSv3
CVE-2024-23659
SPIP prior to 4.1.14 and 4.2.x prior to 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js.
Spip Spip
8.8
CVSSv3
CVE-2022-28960
A PHP injection vulnerability in Spip before v3.2.8 allows malicious users to execute arbitrary PHP code via the _oups parameter at /ecrire.
Spip Spip
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »