Spip

Spip

56 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2013-4555

Exploit
  • EPSS 0.23%
  • Published 18.11.2013 02:55:08
  • Last modified 11.04.2025 00:51:21

Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that logout the user via unspecified vectors.

7.5

CVE-2013-2118

  • EPSS 11.96%
  • Published 09.07.2013 17:55:01
  • Last modified 11.04.2025 00:51:21

SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and "take editorial control" via vectors related to ecrire/inc/filtres.php.

10

CVE-2012-4331

  • EPSS 0.43%
  • Published 14.08.2012 22:55:02
  • Last modified 11.04.2025 00:51:21

Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 have unknown impact and attack vectors that are not related to cross-site scripting (XSS), different vulnerabilities than CVE-2012-2151.

4.3

CVE-2012-2151

  • EPSS 0.56%
  • Published 14.08.2012 22:55:01
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

7.5

CVE-2009-3041

Exploit
  • EPSS 3.84%
  • Published 01.09.2009 18:30:04
  • Last modified 09.04.2025 00:30:58

SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as explo...

7.5

CVE-2008-5813

  • EPSS 0.71%
  • Published 02.01.2009 18:11:09
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third pa...

10

CVE-2008-5812

  • EPSS 0.37%
  • Published 02.01.2009 18:11:09
  • Last modified 09.04.2025 00:30:58

Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors.

7.5

CVE-2007-4525

  • EPSS 0.71%
  • Published 25.08.2007 00:17:00
  • Last modified 09.04.2025 00:30:58

PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelette_cache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by th...

7.5

CVE-2006-1702

Exploit
  • EPSS 2.09%
  • Published 11.04.2006 10:02:00
  • Last modified 03.04.2025 01:03:51

PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter.

4.3

CVE-2006-1295

  • EPSS 0.43%
  • Published 19.03.2006 23:02:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote attackers to inject arbitrary web script or HTML via the recherche parameter.