Spip : Security Vulnerabilities, CVEs, Published In April 2016
SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function.
Max CVSS
9.8
EPSS Score
0.58%
Published
2016-04-08
Updated
2016-04-14
The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.
Max CVSS
9.8
EPSS Score
0.58%
Published
2016-04-08
Updated
2016-04-14
2 vulnerabilities found