Shodan
Vulnerabilities
Vulnerable Software
Spip:  >> Spip  >> 2.1.19  Security Vulnerabilities
CVE-2024-23659
SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js.
CVSS Score
6.1
EPSS Score
0.01
Published
2024-01-19
CVE-2023-52322
ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-01-04
CVE-2023-27372
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
CVSS Score
9.8
EPSS Score
0.932
Published
2023-02-28
CVE-2023-24258
SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request.
CVSS Score
9.8
EPSS Score
0.01
Published
2023-02-27
CVE-2022-28959
Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML.
CVSS Score
6.1
EPSS Score
0.01
Published
2022-05-19
CVE-2022-28960
A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire.
CVSS Score
8.8
EPSS Score
0.005
Published
2022-05-19
CVE-2022-28961
Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters.
CVSS Score
8.8
EPSS Score
0.006
Published
2022-05-19
CVE-2022-26847
SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-03-10
CVE-2022-26846
SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.008
Published
2022-03-10
CVE-2020-28984
prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.
CVSS Score
9.8
EPSS Score
0.007
Published
2020-11-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved