Show filters
4 Total Results
Displaying 1-4 of 4
Sort by:
Attacker Value
Unknown

CVE-2017-9736

Disclosure Date: June 17, 2017 (last updated November 26, 2024)
SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote attacker to cause remote code execution.
0
0
Attacker Value
Unknown

CVE-2016-9998

Disclosure Date: December 17, 2016 (last updated November 25, 2024)
SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL.
0
0
Attacker Value
Unknown

CVE-2016-9997

Disclosure Date: December 17, 2016 (last updated November 25, 2024)
SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL.
0
0
Attacker Value
Unknown

CVE-2016-9152

Disclosure Date: December 05, 2016 (last updated November 25, 2024)
Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter.
0
0