Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
spip vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-9736
SPIP 3.1.x prior to 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote malicious user to cause remote code execution.
Spip Spip 3.1.4
Spip Spip 3.1.5
Spip Spip 3.1.2
Spip Spip 3.1.3
Spip Spip 3.1.0
Spip Spip 3.2
Spip Spip 3.1.1
Spip Spip 3.2.0
NA
CVE-2012-4331
Multiple unspecified vulnerabilities in SPIP prior to 1.9.2.o, 2.0.x prior to 2.0.18, and 2.1.x prior to 2.1.13 have unknown impact and attack vectors that are not related to cross-site scripting (XSS), different vulnerabilities than CVE-2012-2151.
Spip Spip 1.9
Spip Spip 1.9.1
Spip Spip 1.9.2
Spip Spip 2.0
Spip Spip 2.1
NA
CVE-2012-2151
Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x prior to 1.9.2.o, 2.0.x prior to 2.0.18, and 2.1.x prior to 2.1.13 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Spip Spip 1.9
Spip Spip 1.9.1
Spip Spip 1.9.2
Spip Spip 2.0
Spip Spip 2.1
6.1
CVSSv3
CVE-2016-9997
SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL.
Spip Spip 3.1.0
Spip Spip 3.1.1
Spip Spip 3.1.2
Spip Spip 3.1.3
6.1
CVSSv3
CVE-2016-9998
SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL.
Spip Spip 3.1.1
Spip Spip 3.1.2
Spip Spip 3.1.0
Spip Spip 3.1.3
NA
CVE-2006-0625
Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and previous versions allows remote malicious users to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resulta...
Spip Spip 1.8.2d
Spip Spip 1.8.2e
Spip Spip 1.8.2g
1 EDB exploit
NA
CVE-2006-1295
Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote malicious users to inject arbitrary web script or HTML via the recherche parameter.
Spip Spip 1.8.2g
Spip Spip 1.8.2e
9.8
CVSSv3
CVE-2023-27372
SPIP prior to 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
Spip Spip 4.2.0
Spip Spip
Debian Debian Linux 11.0
1 EDB exploit
6 Github repositories
8.8
CVSSv3
CVE-2016-7980
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml re...
Spip Spip
1 EDB exploit
7.5
CVSSv3
CVE-2016-7982
Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and previous versions allows remote malicious users to enumerate the files on the system via the var_url parameter in a valider_xml action.
Spip Spip
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »