A PHP injection vulnerability in Spip before v3.2.8 allows malicious users to execute arbitrary PHP code via the _oups parameter at /ecrire.
spip spip