Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
spip spip vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2021-44123
SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a double extension, upload it and then click on it to execute it.
Spip Spip 4.0.0
6.5
CVSSv2
CVE-2019-11071
SPIP 3.1 prior to 3.1.10 and 3.2 prior to 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled.
Spip Spip
Debian Debian Linux 9.0
6.5
CVSSv2
CVE-2016-7998
The SPIP template composer/compiler in SPIP 3.1.2 and previous versions allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action.
Spip Spip
1 EDB exploit
6.4
CVSSv2
CVE-2006-0625
Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and previous versions allows remote malicious users to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resulta...
Spip Spip 1.8.2d
Spip Spip 1.8.2e
Spip Spip 1.8.2g
1 EDB exploit
5.8
CVSSv2
CVE-2019-16393
SPIP prior to 3.1.11 and 3.2 prior to 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character.
Spip Spip
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
5
CVSSv2
CVE-2022-26847
SPIP prior to 3.2.14 and 4.x prior to 4.0.5 allows unauthenticated access to information about editorial objects.
Spip Spip
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
5
CVSSv2
CVE-2019-16394
SPIP prior to 3.1.11 and 3.2 prior to 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help malicious users to enumerate subscribers.
Spip Spip
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
5
CVSSv2
CVE-2016-7982
Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and previous versions allows remote malicious users to enumerate the files on the system via the var_url parameter in a valider_xml action.
Spip Spip
1 EDB exploit
5
CVSSv2
CVE-2006-0519
SPIP 1.8.2-e and previous versions and 1.9 Alpha 2 (5539) and previous versions allows remote malicious users to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message.
Spip Spip
4.3
CVSSv2
CVE-2022-28959
Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows malicious users to execute arbitrary web scripts or HTML.
Spip Spip
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »