_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database.
Max CVSS: 6.5
EPSS Score: 0.25%
Published: 2019-12-17
Updated: 2022-05-03
SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers.
Max CVSS: 5.3
EPSS Score: 0.27%
Published: 2019-09-17
Updated: 2022-05-03
SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character.
Max CVSS: 6.1
EPSS Score: 0.17%
Published: 2019-09-17
Updated: 2023-02-13
SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages.
Max CVSS: 6.1
EPSS Score: 0.18%
Published: 2019-09-17
Updated: 2023-02-13
SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php.
Max CVSS: 6.5
EPSS Score: 0.07%
Published: 2019-09-17
Updated: 2023-02-13
SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled.
Max CVSS: 8.8
EPSS Score: 0.71%
Published: 2019-04-10
Updated: 2020-09-28
6 vulnerabilities found