Spip

Spip

56 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2013-4555

Exploit
  • EPSS 0.23%
  • Veröffentlicht 18.11.2013 02:55:08
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that logout the user via unspecified vectors.

7.5

CVE-2013-2118

  • EPSS 11.96%
  • Veröffentlicht 09.07.2013 17:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and "take editorial control" via vectors related to ecrire/inc/filtres.php.

10

CVE-2012-4331

  • EPSS 0.43%
  • Veröffentlicht 14.08.2012 22:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 have unknown impact and attack vectors that are not related to cross-site scripting (XSS), different vulnerabilities than CVE-2012-2151.

4.3

CVE-2012-2151

  • EPSS 0.56%
  • Veröffentlicht 14.08.2012 22:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

7.5

CVE-2009-3041

Exploit
  • EPSS 3.84%
  • Veröffentlicht 01.09.2009 18:30:04
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as explo...

7.5

CVE-2008-5813

  • EPSS 0.71%
  • Veröffentlicht 02.01.2009 18:11:09
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third pa...

10

CVE-2008-5812

  • EPSS 0.37%
  • Veröffentlicht 02.01.2009 18:11:09
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors.

7.5

CVE-2007-4525

  • EPSS 0.71%
  • Veröffentlicht 25.08.2007 00:17:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelette_cache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by th...

7.5

CVE-2006-1702

Exploit
  • EPSS 2.09%
  • Veröffentlicht 11.04.2006 10:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter.

4.3

CVE-2006-1295

  • EPSS 0.43%
  • Veröffentlicht 19.03.2006 23:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote attackers to inject arbitrary web script or HTML via the recherche parameter.