Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
spip vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-37155
RCE in SPIP 3.1.13 up to and including 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter.
Spip Spip
NA
CVE-2024-23659
SPIP prior to 4.1.14 and 4.2.x prior to 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js.
Spip Spip
NA
CVE-2023-24258
SPIP v4.1.5 and previous versions exists to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows malicious users to execute arbitrary code via a crafted POST request.
Spip Spip
668
VMScore
CVE-2006-0517
Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and previous versions and 1.9 Alpha 2 (5539) and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) id_forum, (2) id_article, or (3) id_breve ...
Spip Spip
445
VMScore
CVE-2006-0519
SPIP 1.8.2-e and previous versions and 1.9 Alpha 2 (5539) and previous versions allows remote malicious users to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message.
Spip Spip
383
VMScore
CVE-2017-15736
Cross-site scripting (XSS) vulnerability (stored) in SPIP prior to 3.1.7 allows remote malicious users to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php.
Spip Spip
578
VMScore
CVE-2022-28960
A PHP injection vulnerability in Spip before v3.2.8 allows malicious users to execute arbitrary PHP code via the _oups parameter at /ecrire.
Spip Spip
383
VMScore
CVE-2016-7999
ecrire/exec/valider_xml.php in SPIP 3.1.2 and previous versions allows remote malicious users to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.
Spip Spip
505
VMScore
CVE-2016-7982
Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and previous versions allows remote malicious users to enumerate the files on the system via the var_url parameter in a valider_xml action.
Spip Spip
1 EDB exploit
685
VMScore
CVE-2016-7980
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml re...
Spip Spip
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »