Spip : Security Vulnerabilities, CVEs, Published In 2009
Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.33%
Published
2009-01-02
Updated
2017-08-08
SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information.
Max CVSS
7.5
EPSS Score
0.68%
Published
2009-01-02
Updated
2017-08-08
SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009.
Max CVSS
7.5
EPSS Score
7.29%
Published
2009-09-01
Updated
2017-08-17
3 vulnerabilities found