SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009.
Max CVSS
7.5
EPSS Score
7.29%
Published
2009-09-01
Updated
2017-08-17
SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information.
Max CVSS
7.5
EPSS Score
0.68%
Published
2009-01-02
Updated
2017-08-08
Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.33%
Published
2009-01-02
Updated
2017-08-08
3 vulnerabilities found