CVE-2007-4525
- EPSS 1.6%
- Veröffentlicht 25.08.2007 00:17:00
- Zuletzt bearbeitet 16.06.2026 22:44:15
PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelette_cache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by th...
CVE-2006-1702
- EPSS 2.6%
- Veröffentlicht 11.04.2006 10:02:00
- Zuletzt bearbeitet 16.06.2026 22:23:28
PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter.
CVE-2006-1295
- EPSS 1.18%
- Veröffentlicht 19.03.2006 23:02:00
- Zuletzt bearbeitet 16.06.2026 22:22:23
Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote attackers to inject arbitrary web script or HTML via the recherche parameter.
CVE-2006-0626
- EPSS 1.29%
- Veröffentlicht 09.02.2006 18:06:00
- Zuletzt bearbeitet 16.06.2026 22:20:57
SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and earlier allows remote attackers to execute arbitrary SQL commands via the file parameter.
CVE-2006-0625
- EPSS 4.77%
- Veröffentlicht 09.02.2006 18:06:00
- Zuletzt bearbeitet 16.06.2026 22:20:57
Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via re...
- EPSS 2.11%
- Veröffentlicht 02.02.2006 11:02:00
- Zuletzt bearbeitet 16.06.2026 22:20:45
SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message.
CVE-2006-0518
- EPSS 3.82%
- Veröffentlicht 02.02.2006 11:02:00
- Zuletzt bearbeitet 16.06.2026 22:20:45
Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
CVE-2006-0517
- EPSS 3.23%
- Veröffentlicht 02.02.2006 11:02:00
- Zuletzt bearbeitet 16.06.2026 22:20:45
Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id_forum, (2) id_article, or (3) id_br...
CVE-2005-4494
- EPSS 1.35%
- Veröffentlicht 22.12.2005 11:03:00
- Zuletzt bearbeitet 16.06.2026 22:18:54
Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) spip_login.php3 and (2) spip_pass.php3.