Vulmon
spip spip vulnerabilities and exploits
6.5
CVSSv2
CVE-2016-7998
The SPIP template composer/compiler in SPIP 3.1.2 and previous versions allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action.
Spip Spip
1 EDB exploit
4.3
CVSSv2
CVE-2016-7999
ecrire/exec/valider_xml.php in SPIP 3.1.2 and previous versions allows remote malicious users to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.
Spip Spip
NA
CVE-2023-24258
SPIP v4.1.5 and previous versions contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows malicious users to execute arbitrary code via a crafted POST request.
Spip Spip
4.3
CVSSv2
CVE-2016-7981
Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.
Spip Spip
NA
CVE-2024-23659
SPIP prior to 4.1.14 and 4.2.x prior to 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js.
Spip Spip
NA
CVE-2023-52322
ecrire/public/assembler.php in SPIP prior to 4.1.13 and 4.2.x prior to 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics.
Spip Spip
4.3
CVSSv2
CVE-2017-15736
Cross-site scripting (XSS) vulnerability (stored) in SPIP prior to 3.1.7 allows remote malicious users to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php.
Spip Spip
7.5
CVSSv2
CVE-2006-0517
Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and previous versions and 1.9 Alpha 2 (5539) and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) id_forum, (2) id_article, or (3) id_breve ...
Spip Spip
4.3
CVSSv2
CVE-2006-0518
Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and previous versions and 1.9 Alpha 2 (5539) and previous versions allows remote malicious users to inject arbitrary web script or HTML via the lang parameter.
Spip Spip
1 EDB exploit
5
CVSSv2
CVE-2006-0519
SPIP 1.8.2-e and previous versions and 1.9 Alpha 2 (5539) and previous versions allows remote malicious users to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message.
Spip Spip