Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
spip vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2017-9736
SPIP 3.1.x prior to 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote malicious user to cause remote code execution.
Spip Spip 3.1.4
Spip Spip 3.1.5
Spip Spip 3.1.2
Spip Spip 3.1.3
Spip Spip 3.1.0
Spip Spip 3.2
Spip Spip 3.1.1
Spip Spip 3.2.0
4.3
CVSSv2
CVE-2012-2151
Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x prior to 1.9.2.o, 2.0.x prior to 2.0.18, and 2.1.x prior to 2.1.13 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Spip Spip 1.9
Spip Spip 1.9.1
Spip Spip 1.9.2
Spip Spip 2.0
Spip Spip 2.1
10
CVSSv2
CVE-2012-4331
Multiple unspecified vulnerabilities in SPIP prior to 1.9.2.o, 2.0.x prior to 2.0.18, and 2.1.x prior to 2.1.13 have unknown impact and attack vectors that are not related to cross-site scripting (XSS), different vulnerabilities than CVE-2012-2151.
Spip Spip 1.9
Spip Spip 1.9.1
Spip Spip 1.9.2
Spip Spip 2.0
Spip Spip 2.1
4.3
CVSSv2
CVE-2016-9997
SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL.
Spip Spip 3.1.0
Spip Spip 3.1.1
Spip Spip 3.1.2
Spip Spip 3.1.3
4.3
CVSSv2
CVE-2016-9998
SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL.
Spip Spip 3.1.1
Spip Spip 3.1.2
Spip Spip 3.1.0
Spip Spip 3.1.3
6.4
CVSSv2
CVE-2006-0625
Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and previous versions allows remote malicious users to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resulta...
Spip Spip 1.8.2d
Spip Spip 1.8.2e
Spip Spip 1.8.2g
1 EDB exploit
4.3
CVSSv2
CVE-2006-1295
Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote malicious users to inject arbitrary web script or HTML via the recherche parameter.
Spip Spip 1.8.2g
Spip Spip 1.8.2e
NA
CVE-2023-27372
SPIP prior to 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
Spip Spip 4.2.0
Spip Spip
Debian Debian Linux 11.0
1 EDB exploit
6 Github repositories
5
CVSSv2
CVE-2006-0519
SPIP 1.8.2-e and previous versions and 1.9 Alpha 2 (5539) and previous versions allows remote malicious users to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message.
Spip Spip
6.8
CVSSv2
CVE-2016-7980
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml re...
Spip Spip
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »