SPIP — Vulnerabilities & Security Advisories 19

All 19 CVE vulnerabilities found in SPIP, with AI-generated Chinese analysis, references, and POCs.

This page documents security vulnerabilities associated with the SPIP content management system, categorizing weaknesses by standard classification types. It aggregates a comprehensive collection of known security flaws, including injection attacks, cross-site scripting, and authentication bypasses, covering the full historical record from the platform's inception to the present day. By consulting this resource, researchers and administrators can effectively track vendor advisories over time, gain a deeper understanding of specific weakness classes affecting the software, and look up a detailed vulnerability history for SPIP to assess past risks. The data is organized to facilitate quick identification of critical issues and to support informed decision-making regarding system patching and security hardening. This aggregation serves as a centralized reference point for analyzing the security posture of SPIP installations, allowing users to contextualize individual findings within the broader landscape of disclosed defects. The information presented is derived from verified public sources and official security bulletins, ensuring accuracy and reliability for technical audiences seeking to mitigate exposure to known exploits in this widely used PHP-based web application framework.

Vendor: SPIP

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-48832 | SPIP Input Validation Error Vulnerability | CWE-601 | 3.5 | Low | 2026-05-24 |
| CVE-2026-8430 | SPIP < 4.4.14 Remote Code Execution via nginx | CWE-94 | 8.1 | High | 2026-05-12 |
| CVE-2026-8429 | SPIP < 4.4.14 Remote Code Execution via Private Space | CWE-94 | 8.8 | High | 2026-05-12 |
| CVE-2026-33549 | SPIP Security Vulnerability | CWE-688 | 6.7 | Medium | 2026-03-22 |
| CVE-2026-22205 | SPIP < 4.4.10 Authentication Bypass via PHP Type Juggling | CWE-288 | 7.5 | High | 2026-02-26 |
| CVE-2026-22206 | SPIP < 4.4.10 SQL Injection RCE via Union & PHP Tags | CWE-89 | 8.8 | High | 2026-02-26 |
| CVE-2026-27475 | SPIP < 4.4.9 Insecure Deserialization | | 8.1 | High | 2026-02-19 |
| CVE-2026-27474 | SPIP < 4.4.9 Cross-Site Scripting in Private Area (Incomplete Fix) | | 6.1 | Medium | 2026-02-19 |
| CVE-2026-27473 | SPIP < 4.4.9 Stored Cross-Site Scripting via Syndicated Sites | | 6.4 | Medium | 2026-02-19 |
| CVE-2026-27472 | SPIP < 4.4.9 Blind Server-Side Request Forgery via Syndicated Sites | | 4.3 | Medium | 2026-02-19 |
| CVE-2026-26223 | SPIP < 4.4.8 Cross-Site Scripting via Iframe Tags in Private Area | | 6.1 | Medium | 2026-02-19 |
| CVE-2026-26345 | SPIP < 4.4.8 Cross-Site Scripting in Public Area | | 5.4 | Medium | 2026-02-19 |
| CVE-2025-71244 | SPIP < 4.4.5 Open Redirect via Login Form | CWE-601 | 6.1 | Medium | 2026-02-19 |
| CVE-2025-71242 | SPIP < 4.3.6 Authorization Bypass Leading to Content Disclosure | | 6.5 | Medium | 2026-02-19 |
| CVE-2025-71241 | SPIP < 4.3.6 Cross-Site Scripting in Private Area | CWE-79 | 6.1 | Medium | 2026-02-19 |
| CVE-2025-71240 | SPIP < 4.2.15 Cross-Site Scripting via Code Tags | CWE-79 | 5.4 | Medium | 2026-02-19 |
| CVE-2023-53900 | Spip 4.1.10 Admin Account Spoofing via Malicious SVG Upload | CWE-79 | 8.8 | High | 2025-12-16 |
| CVE-2024-8517 | SPIP Bigup Multipart File Upload OS Command Injection | CWE-73 | 9.8 | Critical | 2024-09-06 |
| CVE-2024-7954 | SPIP porte_plume Plugin Arbitrary PHP Execution | CWE-95 | 9.8 | Critical | 2024-08-23 |

All 19 known CVE vulnerabilities affecting SPIP with full Chinese analysis, references, and POCs where available.