Spip » Spip : Security Vulnerabilities, CVEs, (Code Execution) CVSS score >= 9

CVE-2023-27372

Public exploit
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
Max CVSS
9.8
EPSS Score
97.35%
Published
2023-02-28
Updated
2023-06-21

CVE-2023-24258

SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request.
Max CVSS
9.8
EPSS Score
0.18%
Published
2023-02-27
Updated
2023-03-24

CVE-2017-9736

SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote attacker to cause remote code execution.
Max CVSS
9.8
EPSS Score
2.81%
Published
2017-06-17
Updated
2017-11-04
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close