Vulmon Recent Vulnerabilities Trends About Contact

spip vulnerabilities and exploits

(subscribe to this query)

7.4
CVSSv3
CVE-2016-7999
ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action....
Spip
NA
CVE-2006-0517
Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id_forum, (2) id_article, or (3) id_breve parameters to forum.php3;...
Spip
NA
CVE-2008-5812
Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors....
Spip
7.4
CVSSv3
CVE-2019-16393
SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character....
Spip
NA
CVE-2006-0519
SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message....
Spip
NA
CVE-2013-7303
Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field....
Spip
6.1
CVSSv3
CVE-2019-16392
SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages....
Spip
NA
CVE-2013-4557
The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter....
Spip
6.1
CVSSv3
CVE-2016-7981
Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action....
Spip
NA
CVE-2013-4556
Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the url_site parameter....
Spip
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-11061mods for heskCVE-2020-8193remote attackersCVE-2020-8558reflected XSSCVE-2020-7693administrator privilegesmods-for-heskCVE-2020-15526CVE-2020-7457