Vulnerabilities > Spip > Spip > 2.1.11

DATE CVE VULNERABILITY TITLE RISK
2016-04-08 CVE-2016-3154 Code Injection vulnerability in Spip
The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.
network
low complexity
spip CWE-94
critical
 9.8
9.8
2016-04-08 CVE-2016-3153 Code Injection vulnerability in multiple products
SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function.
network
low complexity
debian spip CWE-94
critical
 9.8
9.8