Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
spip vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-37155
RCE in SPIP 3.1.13 up to and including 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter.
Spip Spip
383
VMScore
CVE-2022-28959
Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows malicious users to execute arbitrary web scripts or HTML.
Spip Spip
578
VMScore
CVE-2022-28960
A PHP injection vulnerability in Spip before v3.2.8 allows malicious users to execute arbitrary PHP code via the _oups parameter at /ecrire.
Spip Spip
578
VMScore
CVE-2022-28961
Spip Web Framework v3.1.13 and below exists to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters.
Spip Spip
755
VMScore
CVE-2006-1702
PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote malicious users to execute arbitrary PHP code via a URL in the url parameter.
Spip Spip 1.8.3
1 EDB exploit
668
VMScore
CVE-2007-4525
PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote malicious users to execute arbitrary PHP code via a URL in the squelette_cache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party researchers, s...
Spip Spip 1.7.2
231
VMScore
CVE-2005-4494
Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified parameters to (1) spip_login.php3 and (2) spip_pass.php3.
Spip Spip 1.8.2
755
VMScore
CVE-2006-0626
SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and previous versions allows remote malicious users to execute arbitrary SQL commands via the file parameter.
Spip Spip 1.8.2g
1 EDB exploit
383
VMScore
CVE-2016-9152
Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote malicious users to inject arbitrary web script or HTML via the rac parameter.
Spip Spip 3.1.3
312
VMScore
CVE-2021-44118
SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated malicious user to inject malicious code running on the client side into web pages visited b...
Spip Spip 4.0.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »