CVE-2006-0626
- EPSS 0.93%
- Published 09.02.2006 18:06:00
- Last modified 03.04.2025 01:03:51
SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and earlier allows remote attackers to execute arbitrary SQL commands via the file parameter.
CVE-2006-0625
- EPSS 9.68%
- Published 09.02.2006 18:06:00
- Last modified 03.04.2025 01:03:51
Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via re...
- EPSS 0.82%
- Published 02.02.2006 11:02:00
- Last modified 03.04.2025 01:03:51
SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message.
CVE-2006-0518
- EPSS 8.06%
- Published 02.02.2006 11:02:00
- Last modified 03.04.2025 01:03:51
Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
CVE-2006-0517
- EPSS 3.48%
- Published 02.02.2006 11:02:00
- Last modified 03.04.2025 01:03:51
Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id_forum, (2) id_article, or (3) id_br...
CVE-2005-4494
- EPSS 0.53%
- Published 22.12.2005 11:03:00
- Last modified 03.04.2025 01:03:51
Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) spip_login.php3 and (2) spip_pass.php3.