Vulmon
spip spip vulnerabilities and exploits
NA
CVE-2024-23659
SPIP prior to 4.1.14 and 4.2.x prior to 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js.
Spip Spip
NA
CVE-2023-52322
ecrire/public/assembler.php in SPIP prior to 4.1.13 and 4.2.x prior to 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics.
Spip Spip
NA
CVE-2023-27372
SPIP prior to 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
Spip Spip 4.2.0
Spip Spip
Debian Debian Linux 11.0
1 EDB exploit
6 GitHub repositories
NA
CVE-2023-24258
SPIP v4.1.5 and previous versions contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows malicious users to execute arbitrary code via a crafted POST request.
Spip Spip
NA
CVE-2022-37155
RCE in SPIP 3.1.13 up to and including 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter.
Spip Spip
383
VMScore
CVE-2022-28959
Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allow malicious users to execute arbitrary web scripts or HTML.
Spip Spip
578
VMScore
CVE-2022-28960
A PHP injection vulnerability in Spip before v3.2.8 allows malicious users to execute arbitrary PHP code via the _oups parameter at /ecrire.
Spip Spip
578
VMScore
CVE-2022-28961
Spip Web Framework v3.1.13 and below contains multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters.
Spip Spip
578
VMScore
CVE-2022-26846
SPIP prior to 3.2.14 and 4.x prior to 4.0.5 allows remote authenticated editors to execute arbitrary code.
Spip Spip
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
445
VMScore
CVE-2022-26847
SPIP prior to 3.2.14 and 4.x prior to 4.0.5 allows unauthenticated access to information about editorial objects.
Spip Spip
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0