Show filters
3 Total Results
Displaying 1-3 of 3
Sort by:
Attacker Value
Unknown

CVE-2017-9736

Disclosure Date: June 17, 2017 (last updated November 26, 2024)
SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote attacker to cause remote code execution.
0
0
Attacker Value
Unknown

CVE-2016-9998

Disclosure Date: December 17, 2016 (last updated November 25, 2024)
SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL.
0
0
Attacker Value
Unknown

CVE-2016-9997

Disclosure Date: December 17, 2016 (last updated November 25, 2024)
SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL.
0
0