CVE-2023-24258
- EPSS 1.57%
- Veröffentlicht 27.02.2023 21:15:11
- Zuletzt bearbeitet 21.11.2024 07:47:38
SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request.
CVE-2022-37155
- EPSS 39.97%
- Veröffentlicht 14.12.2022 00:15:09
- Zuletzt bearbeitet 22.04.2025 16:15:33
RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter.
CVE-2022-28961
- EPSS 1.52%
- Veröffentlicht 19.05.2022 21:15:08
- Zuletzt bearbeitet 21.11.2024 06:58:14
Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters.
CVE-2022-28960
- EPSS 1.82%
- Veröffentlicht 19.05.2022 21:15:08
- Zuletzt bearbeitet 21.11.2024 06:58:14
A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire.
CVE-2022-28959
- EPSS 1.46%
- Veröffentlicht 19.05.2022 21:15:08
- Zuletzt bearbeitet 21.11.2024 06:58:14
Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-26847
- EPSS 1.33%
- Veröffentlicht 10.03.2022 17:48:02
- Zuletzt bearbeitet 21.11.2024 06:54:38
SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects.
CVE-2022-26846
- EPSS 2.95%
- Veröffentlicht 10.03.2022 17:48:01
- Zuletzt bearbeitet 21.11.2024 06:54:38
SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code.
CVE-2021-44120
- EPSS 0.63%
- Veröffentlicht 26.01.2022 12:15:07
- Zuletzt bearbeitet 21.11.2024 06:30:23
SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. An editor is able to modify his personal information. If the editor has an article written an...
CVE-2021-44123
- EPSS 2.4%
- Veröffentlicht 26.01.2022 12:15:07
- Zuletzt bearbeitet 21.11.2024 06:30:24
SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a double extension, upload it and then click on it to execute it.
CVE-2021-44122
- EPSS 0.49%
- Veröffentlicht 26.01.2022 12:15:07
- Zuletzt bearbeitet 21.11.2024 06:30:24
SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. To exploit the vulnerability, a visitor must visit a malicious website which redirec...