Spip : Security Vulnerabilities (SQL Injection)
# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2022-28961 |
89 |
|
Sql |
2022-05-19 |
2022-05-26 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters. |
2 |
CVE-2008-5813 |
89 |
|
Exec Code Sql |
2009-01-02 |
2017-08-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information. |
3 |
CVE-2006-0626 |
|
|
Exec Code Sql |
2006-02-09 |
2017-07-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and earlier allows remote attackers to execute arbitrary SQL commands via the file parameter. |
4 |
CVE-2006-0517 |
|
|
Exec Code Sql |
2006-02-02 |
2018-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id_forum, (2) id_article, or (3) id_breve parameters to forum.php3; (4) unspecified vectors related to "session handling"; and (5) when posting "petitions". |
Total number of vulnerabilities :
4
Page :
1
(This Page)