Vulnerabilities > Spip
|2023-02-28||CVE-2023-27372||SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled.|| 9.8 |
|2023-02-27||CVE-2023-24258||SQL Injection vulnerability in Spip: SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter.|| 9.8 |
|2022-12-14||CVE-2022-37155||Unspecified vulnerability in Spip: RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter.|| 8.8 |
|2022-05-19||CVE-2022-28959||Cross-site Scripting vulnerability in Spip: Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allow attackers to execute arbitrary web scripts or HTML.|| 4.3 |
|2022-05-19||CVE-2022-28960||Improper Encoding or Escaping of Output vulnerability in Spip: A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire.|| 8.8 |
|2022-05-19||CVE-2022-28961||SQL Injection vulnerability in Spip: Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters.|| 6.5 |
|2022-03-10||CVE-2022-26846||SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code.|| 6.5 |
|2022-03-10||CVE-2022-26847||Information Exposure vulnerability in multiple products: SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects.|| 5.0 |
|2022-01-26||CVE-2021-44118||Cross-site Scripting vulnerability in Spip 4.0.0: SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability.|| 3.5 |
|2022-01-26||CVE-2021-44120||Cross-site Scripting vulnerability in Spip 4.0.0: SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields.|| 3.5 |