RCE in SPIP 3.1.13 up to and including 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter.
spip spip