Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
spip spip vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-44122
SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. To exploit the vulnerability, a visitor must visit a malicious website which redirects to the SPIP website. It is ...
Spip Spip 4.0.0
8.8
CVSSv3
CVE-2021-44123
SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a double extension, upload it and then click on it to execute it.
Spip Spip 4.0.0
8.8
CVSSv3
CVE-2019-11071
SPIP 3.1 prior to 3.1.10 and 3.2 prior to 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled.
Spip Spip
Debian Debian Linux 9.0
8.8
CVSSv3
CVE-2016-7980
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml re...
Spip Spip
1 EDB exploit
8.8
CVSSv3
CVE-2016-7998
The SPIP template composer/compiler in SPIP 3.1.2 and previous versions allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action.
Spip Spip
1 EDB exploit
7.5
CVSSv3
CVE-2016-7982
Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and previous versions allows remote malicious users to enumerate the files on the system via the var_url parameter in a valider_xml action.
Spip Spip
1 EDB exploit
7.4
CVSSv3
CVE-2016-7999
ecrire/exec/valider_xml.php in SPIP 3.1.2 and previous versions allows remote malicious users to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.
Spip Spip
6.5
CVSSv3
CVE-2019-19830
_core_/plugins/medias in SPIP 3.2.x prior to 3.2.7 allows remote authenticated authors to inject content into the database.
Spip Spip
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
6.5
CVSSv3
CVE-2019-16391
SPIP prior to 3.1.11 and 3.2 prior to 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php.
Spip Spip
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
6.1
CVSSv3
CVE-2024-23659
SPIP prior to 4.1.14 and 4.2.x prior to 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js.
Spip Spip
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »