Vulnerabilities > Spip > Spip > 1.8.2g
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-03-19 | CVE-2006-1295 | Cross-Site Scripting vulnerability in Spip 1.8.2E/1.8.2G Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote attackers to inject arbitrary web script or HTML via the recherche parameter. network spip | 4.3 |
2006-02-09 | CVE-2006-0626 | SQL Injection vulnerability in Spip 1.8.2G SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and earlier allows remote attackers to execute arbitrary SQL commands via the file parameter. | 7.5 |
2006-02-09 | CVE-2006-0625 | Remote Command Execution vulnerability in Spip 1.8.2D/1.8.2E/1.8.2G Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file parameter to spip_acces_doc.php3. | 6.4 |