Vulnerabilities > Spip > Spip > 1.9.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-08-14 | CVE-2012-4331 | Security vulnerability in SPIP Multiple Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 have unknown impact and attack vectors that are not related to cross-site scripting (XSS), different vulnerabilities than CVE-2012-2151. | 10.0 |
2012-08-14 | CVE-2012-2151 | Cross-Site Scripting vulnerability in Spip Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-09-01 | CVE-2009-3041 | Permissions, Privileges, and Access Controls vulnerability in Spip SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009. | 7.5 |
2009-01-02 | CVE-2008-5813 | SQL Injection vulnerability in Spip SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 7.5 |
2009-01-02 | CVE-2008-5812 | Multiple Unspecified vulnerability in SPIP Versions Prior to 2.0.2 Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors. | 10.0 |