Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id_forum, (2) id_article, or (3) id_breve parameters to forum.php3; (4) unspecified vectors related to "session handling"; and (5) when posting "petitions".
Max CVSS
7.5
EPSS Score
2.14%
Published
2006-02-02
Updated
2018-10-19
SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and earlier allows remote attackers to execute arbitrary SQL commands via the file parameter.
Max CVSS
7.5
EPSS Score
0.96%
Published
2006-02-09
Updated
2017-07-20
SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information.
Max CVSS
7.5
EPSS Score
0.68%
Published
2009-01-02
Updated
2017-08-08
Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters.
Max CVSS
8.8
EPSS Score
0.14%
Published
2022-05-19
Updated
2022-05-26
SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request.
Max CVSS
9.8
EPSS Score
0.18%
Published
2023-02-27
Updated
2023-03-24
5 vulnerabilities found