pkg:Debian/spip
共 97 筆 CVECRITICAL15HIGH23MEDIUM34LOW1
✅ 檢查你的版本
所有已知漏洞
- CRITICAL9.8CVE-2024-8517SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue.from 0, < 4.3.2+dfsg-1
- CRITICAL9.8CVE-2024-7954The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability.from 0, < 4.3.0+dfsg-1
- from 0, < 3.2.11-3+deb11u7
- from 0, < 3.2.11-3+deb11u7
- from 0, < 3.2.11-3+deb11u6
- from 0, < 3.2.11-3+deb11u6
- from 0, < 3.2.4-1+deb10u10
- from 0, < 3.2.4-1+deb10u3
- from 0, < 3.1.4-4~deb9u4
- from 0, < 3.2.8-1
- from 0, < 3.1.4-3
- from 0, < 3.1.4-3~deb9u1
- CRITICAL9.8CVE-2016-3154The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows…from 0, < 3.0.22-1
- from 0, < 3.0.22-1
- from 0, < 2.1.17-1+deb7u5
- HIGH8.8CVE-2026-8429SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary…from 0
- from 0
- from 0, < 4.4.13+dfsg-0+deb13u1
- HIGH8.8CVE-2026-22206SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL…from 0
- from 0, < 3.2.11-3+deb11u5
- from 0, < 3.2.4-1+deb10u9
- HIGH8.8CVE-2022-28961Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and wher…from 0, < 3.2.8-1
- HIGH8.8CVE-2022-28960A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire.from 0, < 3.2.8-1
- from 0, < 3.1.4-4~deb9u5
- from 0, < 3.2.11-3+deb11u3
- from 0, < 3.2.4-1+deb10u7
- from 0, < 3.2.11-3+deb11u1
- HIGH8.8CVE-2021-44122SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecri…from 0, < 3.2.11-3+deb11u1
- from 0, < 3.2.4-1
- from 0, < 3.1.4-4~deb9u2
- HIGH8.8CVE-2016-7998The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading…from 0, < 3.1.3-1
- from 0, < 3.1.3-1
- from 0, < 2.1.17-1+deb7u6
- HIGH8.1CVE-2026-27475SPIP before 4.4.9 allows Insecure Deserialization in the public area through the table_valeur filter and the DATA iterator, which accept se…from 0
- from 0, < 4.4.11+dfsg-0+deb13u1
- from 0
- HIGH7.5CVE-2016-7982Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files o…from 0, < 3.1.3-1
- HIGH7.4CVE-2016-7999ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a U…from 0, < 3.1.3-1
- MEDIUM6.5CVE-2025-71242SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area.from 0
- from 0, < 3.2.4-1+deb10u2
- from 0, < 3.2.7-1
- from 0, < 3.0.17-2+deb8u5
- from 0, < 3.2.5-1
- from 0, < 3.1.4-4~deb9u3
- MEDIUM6.4CVE-2026-27473SPIP before 4.4.9 allows Stored Cross-Site Scripting (XSS) via syndicated sites in the private area.from 0
- MEDIUM6.1CVE-2026-27474SPIP before 4.4.9 allows Cross-Site Scripting (XSS) in the private area, complementing an incomplete fix from SPIP 4.4.8.from 0
- MEDIUM6.1CVE-2026-26223SPIP before 4.4.8 allows cross-site scripting (XSS) in the private area via malicious iframe tags.from 0
- MEDIUM6.1CVE-2025-71244SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode.from 0
- MEDIUM6.1CVE-2025-71241SPIP before 4.3.6, 4.2.17, and 4.1.20 allows Cross-Site Scripting (XSS) in the private area.from 0
- MEDIUM6.1CVE-2023-53900Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links.from 0
- MEDIUM6.1CVE-2024-23659SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file.from 0, < 4.1.15+dfsg-1
- from 0, < 3.2.11-3+deb11u10
- from 0, < 3.2.4-1+deb10u13
- MEDIUM6.1CVE-2022-28959Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to…from 0, < 3.2.8-1
- MEDIUM6.1CVE-2019-16393SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character.from 0, < 3.2.5-1
- MEDIUM6.1CVE-2019-16392SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages.from 0, < 3.2.5-1
- from 0, < 3.0.17-2+deb8u4
- from 0, < 3.1.4-4
- MEDIUM6.1CVE-2016-7981Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web scrip…from 0, < 3.1.3-1
- MEDIUM6.1CVE-2016-9998SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as…from 0, < 3.1.4-2
- from 0, < 2.1.17-1+deb7u8
- from 0, < 3.1.4-2
- from 0, < 3.1.4-2
- from 0, < 2.1.17-1+deb7u7
- MEDIUM5.4CVE-2025-71240SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted content in HTML code tags.from 0
- MEDIUM5.4CVE-2021-44120SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the v…from 0, < 3.2.11-3+deb11u1
- from 0, < 3.2.11-3+deb11u1
- from 0, < 3.2.4-1+deb10u5
- from 0, < 3.1.4-4~deb9u4+deb9u2
- MEDIUM5.3CVE-2022-26847SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects.from 0, < 3.2.11-3+deb11u3
- MEDIUM5.3CVE-2019-16394SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail ad…from 0, < 3.2.5-1
- MEDIUM4.3CVE-2026-27472SPIP before 4.4.9 allows Blind Server-Side Request Forgery (SSRF) via syndicated sites in the private area.from 0
- LOW3.5CVE-2026-48832action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability.from 0
- —CVE-2026-8430SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurat…from 0
- —CVE-2026-26345SPIP before 4.4.8 contains a stored cross-site scripting (XSS) vulnerability in the public area triggered in certain edge-case usage patter…from 0
- —CVE-2013-7303Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.ph…from 0, < 3.0.13-1
- —CVE-2013-4557The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attacker…from 0, < 2.1.24-1
- —CVE-2013-4556Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP before 2.1.24 and 3.0.x before 3.…from 0, < 2.1.24-1
- from 0, < 2.1.1-3squeeze7
- from 0, < 2.1.24-1
- from 0, < 2.1.1-3squeeze6
- from 0, < 2.1.22-1
- —CVE-2012-4331Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 have unknown impact and attack ve…from 0, < 2.1.13-1
- from 0, < 2.1.1-3squeeze3
- from 0, < 2.1.13-1
- —CVE-2009-3041SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php,…from 0, < 2.0.9-1
- —CVE-2008-5813SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers…from 0, < 2.0.6-1
- —CVE-2008-5812Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vect…from 0, < 2.0.6-1
- —CVE-2007-4525PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in…from 0, < 2.0.6-1
- —CVE-2006-1702PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in…from 0, < 2.0.6-1
- —CVE-2006-1295Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote attackers to inject arbitrary web script or HTML v…from 0, < 2.0.6-1
- —CVE-2006-0625Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via…from 0, < 2.0.6-1
- —CVE-2006-0626SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and earlier allows remote attackers to execute arbitrary SQL commands via…from 0, < 2.0.6-1
- —CVE-2006-0517Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earl…from 0, < 2.0.6-1
- —CVE-2006-0518Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attacke…from 0, < 2.0.6-1
- —CVE-2006-0519SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to obtain sensitive information via a direct request to…from 0, < 2.0.6-1
- —CVE-2005-4494Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspe…from 0, < 2.0.6-1