Vulnerabilities in SPIP

25 results
CVE-2024-8517 | CRITICAL | SPIP Bigup Multipart File Upload OS Command Injection | EPSS 94.6%
CVE-2024-7954 | CRITICAL | SPIP porte_plume Plugin Arbitrary PHP Execution | EPSS 89.8%
CVE-2025-71243 | CRITICAL | SPIP Saisies Plugin < 5.11.1 Remote Code Execution | EPSS 5.1%
CVE-2026-27744 | CRITICAL | SPIP tickets < 4.3.3 Unauthenticated RCE | EPSS 0.9%
CVE-2026-27475 | CRITICAL | SPIP < 4.4.9 Insecure Deserialization | EPSS 0.8%
CVE-2026-27745 | HIGH | SPIP interface_traduction_objets < 2.2.2 Authenticated RCE | EPSS 0.8%
CVE-2026-27743 | CRITICAL | SPIP referer_spam < 1.3.0 Unauthenticated SQL Injection | EPSS 0.6%
CVE-2026-22206 | HIGH | SPIP < 4.4.10 SQL Injection RCE via Union & PHP Tags | EPSS 0.6%
CVE-2026-8429 | HIGH | SPIP < 4.4.14 Remote Code Execution via Private Space | EPSS 0.5%
CVE-2026-22205 | HIGH | SPIP < 4.4.10 Authentication Bypass via PHP Type Juggling | EPSS 0.5%
CVE-2026-8430 | CRITICAL | SPIP < 4.4.14 Remote Code Execution via nginx | EPSS 0.4%
CVE-2026-27747 | HIGH | SPIP interface_traduction_objets < 2.2.2 Authenticated SQL Injection | EPSS 0.4%
CVE-2023-53900 | MEDIUM | Spip 4.1.10 Admin Account Spoofing via Malicious SVG Upload | EPSS 0.3%
CVE-2026-27474 | MEDIUM | SPIP < 4.4.9 Cross-Site Scripting in Private Area (Incomplete Fix) | EPSS 0.3%
CVE-2026-27472 | MEDIUM | SPIP < 4.4.9 Blind Server-Side Request Forgery via Syndicated Sites | EPSS 0.3%
CVE-2026-27473 | MEDIUM | SPIP < 4.4.9 Stored Cross-Site Scripting via Syndicated Sites | EPSS 0.3%
CVE-2025-71242 | MEDIUM | SPIP < 4.3.6 Authorization Bypass Leading to Content Disclosure | EPSS 0.2%
CVE-2026-33549 | MEDIUM | SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment (of administrator privileges) during the editing of an autho | EPSS 0.2%
CVE-2026-27746 | MEDIUM | SPIP jeux < 4.1.1 Reflected XSS via index Parameters | EPSS 0.2%
CVE-2025-71241 | MEDIUM | SPIP < 4.3.6 Cross-Site Scripting in Private Area | EPSS 0.2%