Known Vulnerabilities for products from Spip
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Spip".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33549 | SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment (of administrator privileges) during the edit... | Not Provided | 2026-03-22 | 2026-04-17 |
| CVE-2024-23659 | | 6.1 - MEDIUM | 2024-01-19 | 2024-01-25 |
| CVE-2023-52322 | | 6.1 - MEDIUM | 2024-01-04 | 2024-03-15 |
| CVE-2023-27372 | SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fi... | 9.8 - CRITICAL | 2023-02-28 | 2023-06-21 |
| CVE-2023-24258 | SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability a... | 9.8 - CRITICAL | 2023-02-27 | 2023-03-24 |
| CVE-2022-37155 | RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter. | 8.8 - HIGH | 2022-12-14 | 2023-01-30 |
| CVE-2022-28961 | Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier... | 8.8 - HIGH | 2022-05-19 | 2022-05-26 |
| CVE-2022-28960 | A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at... | 8.8 - HIGH | 2022-05-19 | 2023-08-08 |
| CVE-2022-28959 | Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows... | 6.1 - MEDIUM | 2022-05-19 | 2022-05-26 |
| CVE-2022-26847 | SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects. | 5.3 - MEDIUM | 2022-03-10 | 2022-03-18 |
| CVE-2022-26846 | SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code. | 8.8 - HIGH | 2022-03-10 | 2022-03-18 |
| CVE-2021-44123 | SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a ma... | 8.8 - HIGH | 2022-01-26 | 2022-02-02 |
| CVE-2021-44122 | SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/bal... | 8.8 - HIGH | 2022-01-26 | 2022-02-02 |
| CVE-2021-44120 | SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function saf... | 5.4 - MEDIUM | 2022-01-26 | 2022-02-01 |
| CVE-2021-44118 | SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to ... | 5.4 - MEDIUM | 2022-01-26 | 2022-02-01 |
| CVE-2020-28984 | prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_na... | 9.8 - CRITICAL | 2020-11-23 | 2021-02-04 |
| CVE-2019-19830 | _core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database. | 6.5 - MEDIUM | 2019-12-17 | 2022-05-03 |
| CVE-2019-16394 | SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whethe... | 5.3 - MEDIUM | 2019-09-17 | 2022-05-03 |
| CVE-2019-16393 | SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character. | 6.1 - MEDIUM | 2019-09-17 | 2023-02-13 |
| CVE-2019-16392 | SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages. | 6.1 - MEDIUM | 2019-09-17 | 2023-02-13 |
Known software with vulnerabilities from Spip
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Spip | Spip | 2.0.0 |