Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) spip_login.php3 and (2) spip_pass.php3.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | 1.8.2 |
Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id_forum, (2) id_article, or (3) id_breve parameters to forum.php3; (4) unspecified vectors related to "session handling"; and (5) when posting "petitions".
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file parameter to spip_acces_doc.php3.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | 1.8.2d |
| spip | spip | 1.8.2e |
| spip | spip | 1.8.2g |
SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and earlier allows remote attackers to execute arbitrary SQL commands via the file parameter.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | 1.8.2g |
Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote attackers to inject arbitrary web script or HTML via the recherche parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | 1.8.2e |
| spip | spip | 1.8.2g |
PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | 1.8.3 |
PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelette_cache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party researchers, stating that the squelette_cache variable is initialized before use, and is only used within the scope of a function
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | 1.7.2 |
SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and "take editorial control" via vectors related to ecrire/inc/filtres.php.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | 2.1.21 |
| spip | spip | 2.1.12 |
| spip | spip | 2.0.5 |
| spip | spip | 2.1.15 |
| spip | spip | 2.1.16 |
| spip | spip | 2.0.16 |
| spip | spip | 2.1.19 |
| spip | spip | 2.1.2 |
| spip | spip | 2.0.7 |
| spip | spip | 3.0.0 |
| spip | spip | 3.0.6 |
| spip | spip | 2.0.4 |
| spip | spip | 2.1.18 |
| spip | spip | 2.1.17 |
| spip | spip | 2.1.3 |
| spip | spip | 3.0.5 |
| spip | spip | 2.1.20 |
| spip | spip | 2.0.20 |
| spip | spip | 2.0.2 |
| spip | spip | 2.0.6 |
| spip | spip | 3.0.3 |
| spip | spip | 2.1.4 |
| spip | spip | 3.0.7 |
| spip | spip | 2.1.10 |
| spip | spip | 2.0.9 |
| spip | spip | 2.0.21 |
| spip | spip | 2.0.22 |
| spip | spip | 2.0.13 |
| spip | spip | 2.1.6 |
| spip | spip | 2.0.8 |
| spip | spip | 2.0.0 |
| spip | spip | 2.0.1 |
| spip | spip | 2.1.11 |
| spip | spip | 2.0.3 |
| spip | spip | 2.0.11 |
| spip | spip | 2.0.17 |
| spip | spip | 2.1.5 |
| spip | spip | 2.0.19 |
| spip | spip | 3.0.4 |
| spip | spip | 3.0.8 |
| spip | spip | 2.1.7 |
| spip | spip | 2.0.15 |
| spip | spip | 2.0.14 |
| spip | spip | 2.0.18 |
| spip | spip | 3.0.1 |
| spip | spip | 2.0.12 |
| spip | spip | 2.1.8 |
| spip | spip | 2.1.9 |
| spip | spip | 2.0.10 |
| spip | spip | 3.0.2 |
| spip | spip | 2.1.1 |
| spip | spip | 2.1.13 |
| spip | spip | 2.1.14 |
Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that logout the user via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | 2.0.21 |
| spip | spip | 2.0.22 |
| spip | spip | * |
| spip | spip | 2.1.21 |
| spip | spip | 2.1.12 |
| spip | spip | 2.0.13 |
| spip | spip | 2.1.6 |
| spip | spip | 2.0.5 |
| spip | spip | 2.0.8 |
| spip | spip | 2.1.15 |
| spip | spip | 2.1.16 |
| spip | spip | 2.0.16 |
| spip | spip | 2.0.0 |
| spip | spip | 2.1.19 |
| spip | spip | 2.1.2 |
| spip | spip | 2.0.1 |
| spip | spip | 2.0.7 |
| spip | spip | 2.1.11 |
| spip | spip | 2.0.4 |
| spip | spip | 2.0.3 |
| spip | spip | 2.1.18 |
| spip | spip | 2.1.22 |
| spip | spip | 2.0.11 |
| spip | spip | 2.1.17 |
| spip | spip | 2.0.17 |
| spip | spip | 2.1.3 |
| spip | spip | 2.1.5 |
| spip | spip | 2.1.20 |
| spip | spip | 2.0.19 |
| spip | spip | 2.0.20 |
| spip | spip | 2.1.7 |
| spip | spip | 2.0.2 |
| spip | spip | 2.0.15 |
| spip | spip | 2.0.6 |
| spip | spip | 2.1.4 |
| spip | spip | 2.0.14 |
| spip | spip | 2.0.18 |
| spip | spip | 2.0.12 |
| spip | spip | 2.1.8 |
| spip | spip | 2.1.10 |
| spip | spip | 2.1.9 |
| spip | spip | 2.0.9 |
| spip | spip | 2.0.10 |
| spip | spip | 2.1.1 |
| spip | spip | 2.1.13 |
| spip | spip | 2.1.14 |
Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the url_site parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
| spip | spip | 2.1.21 |
| spip | spip | 2.1.12 |
| spip | spip | 2.0.5 |
| spip | spip | 2.1.15 |
| spip | spip | 2.1.16 |
| spip | spip | 2.0.16 |
| spip | spip | 2.1.19 |
| spip | spip | 2.1.2 |
| spip | spip | 2.0.7 |
| spip | spip | 3.0.0 |
| spip | spip | 3.0.6 |
| spip | spip | 2.0.4 |
| spip | spip | 2.1.18 |
| spip | spip | 2.1.22 |
| spip | spip | 3.0.11 |
| spip | spip | 2.1.17 |
| spip | spip | 2.1.3 |
| spip | spip | 3.0.5 |
| spip | spip | 2.1.20 |
| spip | spip | 2.0.20 |
| spip | spip | 2.0.2 |
| spip | spip | 2.0.6 |
| spip | spip | 3.0.3 |
| spip | spip | 2.1.4 |
| spip | spip | 3.0.7 |
| spip | spip | 2.1.10 |
| spip | spip | 2.0.9 |
| spip | spip | 2.0.21 |
| spip | spip | 2.0.22 |
| spip | spip | 3.0.10 |
| spip | spip | 3.0.9 |
| spip | spip | 2.0.13 |
| spip | spip | 2.1.6 |
| spip | spip | 2.0.8 |
| spip | spip | 2.0.0 |
| spip | spip | 2.0.1 |
| spip | spip | 2.1.11 |
| spip | spip | 2.0.3 |
| spip | spip | 2.0.11 |
| spip | spip | 2.0.17 |
| spip | spip | 2.1.5 |
| spip | spip | 2.0.19 |
| spip | spip | 3.0.4 |
| spip | spip | 3.0.8 |
| spip | spip | 2.1.7 |
| spip | spip | 2.0.15 |
| spip | spip | 2.0.14 |
| spip | spip | 2.0.18 |
| spip | spip | 3.0.1 |
| spip | spip | 2.0.12 |
| spip | spip | 2.1.8 |
| spip | spip | 2.1.9 |
| spip | spip | 2.0.10 |
| spip | spip | 3.0.2 |
| spip | spip | 2.1.1 |
| spip | spip | 2.1.13 |
| spip | spip | 2.1.14 |
The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | 3.0.10 |
| spip | spip | 3.0.9 |
| spip | spip | 3.0.5 |
| spip | spip | 3.0.4 |
| spip | spip | 3.0.8 |
| spip | spip | 3.0.0 |
| spip | spip | 3.0.3 |
| spip | spip | 3.0.1 |
| spip | spip | 3.0.7 |
| spip | spip | 3.0.6 |
| spip | spip | 3.0.2 |
| spip | spip | 3.0.11 |
Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
| spip | spip | 2.1.21 |
| spip | spip | 2.1.12 |
| spip | spip | 2.0.5 |
| spip | spip | 2.1.15 |
| spip | spip | 2.1.16 |
| spip | spip | 2.0.16 |
| spip | spip | 2.1.19 |
| spip | spip | 2.1.2 |
| spip | spip | 2.0.7 |
| spip | spip | 3.0.0 |
| spip | spip | 3.0.6 |
| spip | spip | 2.0.4 |
| spip | spip | 2.1.18 |
| spip | spip | 2.1.22 |
| spip | spip | 3.0.11 |
| spip | spip | 2.1.17 |
| spip | spip | 2.1.23 |
| spip | spip | 3.0.5 |
| spip | spip | 2.1.20 |
| spip | spip | 2.0.20 |
| spip | spip | 2.1 |
| spip | spip | 2.0.2 |
| spip | spip | 2.0.6 |
| spip | spip | 3.0.3 |
| spip | spip | 3.0.7 |
| spip | spip | 2.1.10 |
| spip | spip | 2.0.9 |
| spip | spip | 2.0.21 |
| spip | spip | 2.0.22 |
| spip | spip | 3.0.10 |
| spip | spip | 3.0.9 |
| spip | spip | 2.0.13 |
| spip | spip | 2.0.8 |
| spip | spip | 2.0.1 |
| spip | spip | 2.1.11 |
| spip | spip | 2.0.3 |
| spip | spip | 2.0.11 |
| spip | spip | 2.0.17 |
| spip | spip | 2.0.19 |
| spip | spip | 3.0.4 |
| spip | spip | 3.0.8 |
| spip | spip | 2.0.15 |
| spip | spip | 2.0.14 |
| spip | spip | 2.0.18 |
| spip | spip | 3.0.1 |
| spip | spip | 2.0.12 |
| spip | spip | 2.0.10 |
| spip | spip | 3.0.2 |
| spip | spip | 2.1.1 |
| spip | spip | 2.1.13 |
| spip | spip | 2.1.14 |
SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| spip | spip | 2.1.12 |
| spip | spip | 2.0.5 |
| spip | spip | 2.1.15 |
| spip | spip | 2.1.16 |
| spip | spip | 2.0.16 |
| spip | spip | 3.0.19 |
| spip | spip | 2.1.2 |
| spip | spip | 2.0.7 |
| spip | spip | 3.0.0 |
| spip | spip | 3.0.16 |
| spip | spip | 3.0.6 |
| spip | spip | 2.0.4 |
| spip | spip | 2.1.18 |
| spip | spip | 3.0.11 |
| spip | spip | 2.1.17 |
| spip | spip | 2.1.3 |
| spip | spip | 3.0.5 |
| spip | spip | 2.0.20 |
| spip | spip | 2.0.2 |
| spip | spip | 2.0.6 |
| spip | spip | 3.0.3 |
| spip | spip | 2.1.4 |
| spip | spip | 3.0.20 |
| spip | spip | 3.0.7 |
| spip | spip | 2.1.10 |
| spip | spip | 2.0.9 |
| spip | spip | 2.0.21 |
| spip | spip | 2.0.22 |
| spip | spip | 3.0.10 |
| spip | spip | 3.0.9 |
| spip | spip | 2.0.13 |
| spip | spip | 2.1.6 |
| spip | spip | 2.0.8 |
| debian | debian_linux | 7.0 |
| spip | spip | 2.0.0 |
| spip | spip | 2.0.1 |
| spip | spip | 3.0.13 |
| spip | spip | 2.1.11 |
| spip | spip | 3.1.0 |
| spip | spip | 2.0.3 |
| spip | spip | 3.0.17 |
| spip | spip | 2.0.11 |
| spip | spip | 3.0.15 |
| spip | spip | 2.0.17 |
| spip | spip | 3.0.14 |
| spip | spip | 2.1.5 |
| spip | spip | 2.0.19 |
| spip | spip | 3.0.4 |
| spip | spip | 3.0.8 |
| spip | spip | 2.1.7 |
| spip | spip | 2.0.15 |
| spip | spip | 2.0.14 |
| spip | spip | 2.0.18 |
| spip | spip | 3.0.1 |
| spip | spip | 2.0.12 |
| spip | spip | 2.1.8 |
| spip | spip | 2.1.9 |
| spip | spip | 2.0.10 |
| spip | spip | 3.0.2 |
| spip | spip | 2.1.1 |
| spip | spip | 2.1.13 |
| spip | spip | 2.1.14 |
The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | 2.1.12 |
| spip | spip | 2.0.5 |
| spip | spip | 2.1.15 |
| spip | spip | 2.1.16 |
| spip | spip | 2.0.16 |
| spip | spip | 3.0.19 |
| spip | spip | 2.1.19 |
| spip | spip | 2.1.2 |
| spip | spip | 2.0.7 |
| spip | spip | 3.0.0 |
| spip | spip | 3.0.16 |
| spip | spip | 3.0.6 |
| spip | spip | 2.0.4 |
| spip | spip | 2.1.18 |
| spip | spip | 3.0.11 |
| spip | spip | 2.1.17 |
| spip | spip | 2.1.3 |
| spip | spip | 3.0.5 |
| spip | spip | 2.0.20 |
| spip | spip | 2.0.2 |
| spip | spip | 2.0.6 |
| spip | spip | 3.0.3 |
| spip | spip | 2.1.4 |
| spip | spip | 3.0.20 |
| spip | spip | 3.0.7 |
| spip | spip | 2.1.10 |
| spip | spip | 2.0.9 |
| spip | spip | 2.0.21 |
| spip | spip | 2.0.22 |
| spip | spip | 3.0.10 |
| spip | spip | 3.0.9 |
| spip | spip | 2.0.13 |
| spip | spip | 2.1.6 |
| spip | spip | 2.0.8 |
| spip | spip | 2.0.0 |
| spip | spip | 2.0.1 |
| spip | spip | 3.0.13 |
| spip | spip | 2.1.11 |
| spip | spip | 3.1.0 |
| spip | spip | 2.0.3 |
| spip | spip | 3.0.17 |
| spip | spip | 2.0.11 |
| spip | spip | 3.0.15 |
| spip | spip | 2.0.17 |
| spip | spip | 3.0.14 |
| spip | spip | 2.1.5 |
| spip | spip | 2.0.19 |
| spip | spip | 3.0.4 |
| spip | spip | 3.0.8 |
| spip | spip | 2.1.7 |
| spip | spip | 2.0.15 |
| spip | spip | 2.0.14 |
| spip | spip | 2.0.18 |
| spip | spip | 3.0.1 |
| spip | spip | 2.0.12 |
| spip | spip | 2.1.8 |
| spip | spip | 2.1.9 |
| spip | spip | 2.0.10 |
| spip | spip | 3.0.2 |
| spip | spip | 2.1.1 |
| spip | spip | 2.1.13 |
| spip | spip | 2.1.14 |
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-918,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | 3.1.3 |
SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | 3.1.1 |
| spip | spip | 3.1.0 |
| spip | spip | 3.1.2 |
| spip | spip | 3.1.3 |
SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | 3.1.1 |
| spip | spip | 3.1.0 |
| spip | spip | 3.1.2 |
| spip | spip | 3.1.3 |
Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 allows remote attackers to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote attacker to cause remote code execution.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | 3.1.1 |
| spip | spip | 3.1.5 |
| spip | spip | 3.2 |
| spip | spip | 3.2.0 |
| spip | spip | 3.1.0 |
| spip | spip | 3.1.2 |
| spip | spip | 3.1.3 |
| spip | spip | 3.1.4 |
SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
| debian | debian_linux | 9.0 |
SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 18.04 |
| spip | spip | * |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 18.04 |
| spip | spip | * |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-601,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 18.04 |
| spip | spip | * |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-203,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 18.04 |
| spip | spip | * |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| spip | spip | * |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users (stored XSS).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | 4.0.0 |
SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. An editor is able to modify his personal information. If the editor has an article written and available, when a user goes to the public site and wants to read the author's information, the malicious code will be executed. The "Who are you" and "Website Name" fields are vulnerable.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | 4.0.0 |
SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. To exploit the vulnerability, a visitor must visit a malicious website which redirects to the SPIP website. It is also possible to combine XSS vulnerabilities in SPIP 4.0.0 to exploit it. The vulnerability allows an authenticated attacker to execute malicious code without the knowledge of the user on the website (CSRF).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | 4.0.0 |
SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a double extension, upload it and then click on it to execute it.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-434,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | 4.0.0 |
SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 11.0 |
SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 11.0 |
Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-116,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
| spip | spip | 4.2.0 |
| debian | debian_linux | 11.0 |
ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| disclosure@vulncheck.com | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | 4.1.10 |
SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 2.8 | 3.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | 4.3.3 |
A cross-site scripting (XSS) vulnerability in the Article module of SPIP v4.3.3 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 1.7 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | 4.3.3 |
SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| disclosure@vulncheck.com | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
| spip | spip | 4.3.0 |
| spip | spip | 4.3.1 |
SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted content in HTML code tags. The application does not properly verify JavaScript within code tags, allowing an attacker to inject malicious scripts that execute in a victim's browser.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| disclosure@vulncheck.com | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
SPIP before 4.3.6, 4.2.17, and 4.1.20 allows Cross-Site Scripting (XSS) in the private area. The content of the error message displayed by the 'transmettre' API is not properly sanitized, allowing an attacker to inject malicious scripts. This vulnerability is mitigated by the SPIP security screen.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| disclosure@vulncheck.com | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. The application does not properly check authorization when displaying content of articles and sections (rubriques) in AJAX-loaded fragments, allowing an authenticated attacker to access restricted content. This vulnerability is not mitigated by the SPIP security screen.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| disclosure@vulncheck.com | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode. An attacker can craft a malicious URL that, when visited by a victim, redirects them to an arbitrary external site after login. This vulnerability only affects sites where the login page has been overridden to function in AJAX mode. It is not mitigated by the SPIP security screen.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| disclosure@vulncheck.com | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability caused by PHP type juggling that allows unauthenticated attackers to access protected information. Attackers can exploit loose type comparisons in authentication logic to bypass login verification and retrieve sensitive internal data.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote code execution on the server.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
SPIP before 4.4.8 allows cross-site scripting (XSS) in the private area via malicious iframe tags. The application does not properly sandbox or escape iframe content in the back-office, allowing an attacker to inject and execute malicious scripts. The fix adds a sandbox attribute to iframe tags in the private area. This vulnerability is not mitigated by the SPIP security screen.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| disclosure@vulncheck.com | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
SPIP before 4.4.8 contains a stored cross-site scripting (XSS) vulnerability in the public area triggered in certain edge-case usage patterns. The echapper_html_suspect() function does not adequately sanitize user-controlled content, allowing authenticated users with content-editing privileges (e.g., author-level roles and above) to inject malicious scripts. The injected payload may be rendered across multiple pages within the framework and execute in the browser context of other users, including administrators. Successful exploitation can allow attackers to perform actions in the security context of the victim user, including unauthorized modification of application state. This vulnerability is not mitigated by the SPIP security screen.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| disclosure@vulncheck.com | 4.7 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N | 1.6 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
SPIP before 4.4.9 allows Blind Server-Side Request Forgery (SSRF) via syndicated sites in the private area. When editing a syndicated site, the application does not verify that the syndication URL is a valid remote URL, allowing an authenticated attacker to make the server issue requests to arbitrary internal or external destinations. This vulnerability is not mitigated by the SPIP security screen.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| disclosure@vulncheck.com | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
SPIP before 4.4.9 allows Stored Cross-Site Scripting (XSS) via syndicated sites in the private area. The #URL_SYNDIC output is not properly sanitized on the private syndicated site page, allowing an attacker who can set a malicious syndication URL to inject persistent scripts that execute when other administrators view the syndicated site details.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| disclosure@vulncheck.com | 6.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | 3.1 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
SPIP before 4.4.9 allows Cross-Site Scripting (XSS) in the private area, complementing an incomplete fix from SPIP 4.4.8. The echappe_anti_xss() function was not systematically applied to input, form, button, and anchor (a) HTML tags, allowing an attacker to inject malicious scripts through these elements. This vulnerability is not mitigated by the SPIP security screen.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| disclosure@vulncheck.com | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
SPIP before 4.4.9 allows Insecure Deserialization in the public area through the table_valeur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content (a pre-condition requiring prior access or another vulnerability) can trigger arbitrary object instantiation and potentially achieve code execution. The use of serialized data in these components has been deprecated and will be removed in SPIP 5. This vulnerability is not mitigated by the SPIP security screen.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| disclosure@vulncheck.com | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | spip | * |
The SPIP referer_spam plugin versions prior to 1.3.0 contain an unauthenticated SQL injection vulnerability in the referer_spam_ajouter and referer_spam_supprimer action handlers. The handlers read the url parameter from a GET request and interpolate it directly into SQL LIKE clauses without input validation or parameterization. The endpoints do not enforce authorization checks and do not use SPIP action protections such as securiser_action(), allowing remote attackers to execute arbitrary SQL queries.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | referer_spam* | * |
| spip | referer_spam | * |
The SPIP tickets plugin versions prior to 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted request parameters into HTML that is later rendered by a template using unfiltered environment rendering (#ENV**), which disables SPIP output filtering. As a result, an unauthenticated attacker can inject crafted content that is evaluated through SPIP's template processing chain, leading to execution of code in the context of the web server.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | tickets | * |
The SPIP interface_traduction_objets plugin versions prior to 2.2.2 contain an authenticated remote code execution vulnerability in the translation interface workflow. The plugin incorporates untrusted request data into a hidden form field that is rendered without SPIP output filtering. Because fields prefixed with an underscore bypass protection mechanisms and the hidden content is rendered with filtering disabled, an authenticated attacker with editor-level privileges can inject crafted content that is evaluated through SPIP's template processing chain, resulting in execution of code in the context of the web server.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | interface_traduction_objets | * |
The SPIP jeux plugin versions prior to 4.1.1 contain a reflected cross-site scripting (XSS) vulnerability in the pre_propre pipeline. The plugin incorporates untrusted request parameters into HTML output without proper output encoding, allowing attackers to inject arbitrary script content into pages that render a jeux block. When a victim is induced to visit a crafted URL, the injected content is reflected into the response and executed in the victim's browser context.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | jeux | * |
The SPIP interface_traduction_objets plugin versions prior to 2.2.2 contain an authenticated SQL injection vulnerability in interface_traduction_objets_pipelines.php. When handling translation requests, the plugin reads the id_parent parameter from user-supplied input and concatenates it directly into a SQL WHERE clause in a call to sql_getfetsel() without input validation or parameterization. An authenticated attacker with editor-level privileges can inject crafted SQL expressions into the id_parent parameter to manipulate the backend query. Successful exploitation can result in disclosure or modification of database contents and may lead to denial of service depending on the database configuration and privileges.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spip | interface_traduction_objets | * |