SPIP — Vulnerabilities & Security Advisories 22

Browse all 22 CVE security advisories affecting SPIP. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-33549 | SPIP security vulnerability | SPIP | CWE-688 | 6.7 | Medium | 2026-03-22 |
| CVE-2026-22205 | SPIP < 4.4.10 Authentication Bypass via PHP Type Juggling | SPIP | CWE-288 | 7.5 | High | 2026-02-26 |
| CVE-2026-22206 | SPIP < 4.4.10 SQL Injection RCE via Union & PHP Tags | SPIP | CWE-89 | 8.8 | High | 2026-02-26 |
| CVE-2026-27743 | SPIP referer_spam <= 1.2.1 Unauthenticated SQL Injection | referer_spam | CWE-89 | 9.8 | Critical | 2026-02-25 |
| CVE-2026-27744 | SPIP tickets < 4.3.3 Unauthenticated RCE | tickets | CWE-94 | 9.8 | Critical | 2026-02-25 |
| CVE-2026-27745 | SPIP interface_traduction_objets < 2.2.2 Authenticated RCE | interface_traduction_objets | CWE-94 | 8.8 | High | 2026-02-25 |
| CVE-2026-27746 | SPIP jeux < 4.1.1 Reflected XSS via index Parameters | jeux | CWE-79 | 6.1 | Medium | 2026-02-25 |
| CVE-2026-27747 | SPIP interface_traduction_objets < 2.2.2 Authenticated SQL Injection | interface_traduction_objets | CWE-89 | 8.8 | High | 2026-02-25 |
| CVE-2026-27475 | SPIP < 4.4.9 Insecure Deserialization | SPIP | | 8.1 | High | 2026-02-19 |
| CVE-2026-27474 | SPIP < 4.4.9 Cross-Site Scripting in Private Area (Incomplete Fix) | SPIP | | 6.1 | Medium | 2026-02-19 |
| CVE-2026-27473 | SPIP < 4.4.9 Stored Cross-Site Scripting via Syndicated Sites | SPIP | | 6.4 | Medium | 2026-02-19 |
| CVE-2026-27472 | SPIP < 4.4.9 Blind Server-Side Request Forgery via Syndicated Sites | SPIP | | 4.3 | Medium | 2026-02-19 |
| CVE-2026-26223 | SPIP < 4.4.8 Cross-Site Scripting via Iframe Tags in Private Area | SPIP | | 6.1 | Medium | 2026-02-19 |
| CVE-2026-26345 | SPIP < 4.4.8 Cross-Site Scripting in Public Area | SPIP | | 5.4 | Medium | 2026-02-19 |
| CVE-2025-71244 | SPIP < 4.4.5 Open Redirect via Login Form | SPIP | CWE-601 | 6.1 | Medium | 2026-02-19 |
| CVE-2025-71243 | SPIP Saisies Plugin < 5.11.1 Remote Code Execution | Saisies pour formulaire | CWE-94 | 9.8 | Critical | 2026-02-19 |
| CVE-2025-71242 | SPIP < 4.3.6 Authorization Bypass Leading to Content Disclosure | SPIP | | 6.5 | Medium | 2026-02-19 |
| CVE-2025-71241 | SPIP < 4.3.6 Cross-Site Scripting in Private Area | SPIP | CWE-79 | 6.1 | Medium | 2026-02-19 |
| CVE-2025-71240 | SPIP < 4.2.15 Cross-Site Scripting via Code Tags | SPIP | CWE-79 | 5.4 | Medium | 2026-02-19 |
| CVE-2023-53900 | Spip 4.1.10 Admin Account Spoofing via Malicious SVG Upload | spip | CWE-79 | 8.8 | High | 2025-12-16 |
| CVE-2024-8517 | SPIP Bigup Multipart File Upload OS Command Injection | SPIP | CWE-73 | 9.8 | Critical | 2024-09-06 |
| CVE-2024-7954 | SPIP porte_plume Plugin Arbitrary PHP Execution | SPIP | CWE-95 | 9.8 | Critical | 2024-08-23 |

This page lists every published CVE security advisory associated with SPIP. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.