SPIP 4.1.1

CPE Details

SPIP 4.1.1
spip
spip
4.1.1
2022-12-16
12h41 +00:00
2023-03-06
22h18 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:spip:spip:4.1.1:*:*:*:*:*:*:*

Informations

Vendor

spip

Product

spip

Version

4.1.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-8517 2024-09-06 15h55 +00:00 SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.
9.8
Critical
CVE-2024-23659 2024-01-18 23h00 +00:00 SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js.
6.1
Medium
CVE-2023-52322 2024-01-03 23h00 +00:00 ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics.
6.1
Medium
CVE-2023-27372 2023-02-27 23h00 +00:00 SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
9.8
Critical
CVE-2023-24258 2023-02-26 23h00 +00:00 SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request.
9.8
Critical
CVE-2022-37155 2022-12-12 23h00 +00:00 RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter.
8.8
High