Vulnerabilities > Spip > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-09-06 CVE-2024-8517 Unspecified vulnerability in Spip
SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue.
network
low complexity
spip
critical
 9.8
9.8
2023-02-28 CVE-2023-27372 SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled.
network
low complexity
spip debian
critical
 9.8
9.8
2023-02-27 CVE-2023-24258 SQL Injection vulnerability in Spip
SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter.
network
low complexity
spip CWE-89
critical
 9.8
9.8
2012-08-14 CVE-2012-4331 Security vulnerability in SPIP Multiple
Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 have unknown impact and attack vectors that are not related to cross-site scripting (XSS), different vulnerabilities than CVE-2012-2151.
network
low complexity
spip
critical
 10.0
10
2009-01-02 CVE-2008-5812 Multiple Unspecified vulnerability in SPIP Versions Prior to 2.0.2
Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors.
network
low complexity
spip
critical
 10.0
10