
SPIP — Vulnerabilities & Security Advisories (22)

Browse all 22 CVE security advisories affecting SPIP. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SPIP is a free, open-source content management system primarily designed for collaborative editorial projects and community-driven websites. Its architecture, rooted in PHP and MySQL, has historically exposed it to a range of web application vulnerabilities, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL injection. Recent records indicate approximately 22 Common Vulnerabilities and Exposures (CVEs), reflecting persistent issues with input validation and access control mechanisms. While not typically associated with massive, high-profile data breaches comparable to enterprise platforms, its widespread use in niche communities makes it a frequent target for automated exploitation scripts. Security researchers emphasize the importance of timely patching, as many vulnerabilities stem from legacy code paths and insufficient sanitization of user-supplied data. Administrators must prioritize regular updates to mitigate risks associated with privilege escalation and unauthorized file inclusion attacks inherent in older versions.

Found 16 results / 22

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-33549 | SPIP security vulnerability | SPIP | CWE-688 | 6.7 | Medium | 2026-03-22 |
| CVE-2026-22205 | SPIP < 4.4.10 Authentication Bypass via PHP Type Juggling | SPIP | CWE-288 | 7.5 | High | 2026-02-26 |
| CVE-2026-22206 | SPIP < 4.4.10 SQL Injection RCE via Union & PHP Tags | SPIP | CWE-89 | 8.8 | High | 2026-02-26 |
| CVE-2026-27475 | SPIP < 4.4.9 Insecure Deserialization | SPIP | | 8.1 | High | 2026-02-19 |
| CVE-2026-27474 | SPIP < 4.4.9 Cross-Site Scripting in Private Area (Incomplete Fix) | SPIP | | 6.1 | Medium | 2026-02-19 |
| CVE-2026-27473 | SPIP < 4.4.9 Stored Cross-Site Scripting via Syndicated Sites | SPIP | | 6.4 | Medium | 2026-02-19 |
| CVE-2026-27472 | SPIP < 4.4.9 Blind Server-Side Request Forgery via Syndicated Sites | SPIP | | 4.3 | Medium | 2026-02-19 |
| CVE-2026-26223 | SPIP < 4.4.8 Cross-Site Scripting via Iframe Tags in Private Area | SPIP | | 6.1 | Medium | 2026-02-19 |
| CVE-2026-26345 | SPIP < 4.4.8 Cross-Site Scripting in Public Area | SPIP | | 5.4 | Medium | 2026-02-19 |
| CVE-2025-71244 | SPIP < 4.4.5 Open Redirect via Login Form | SPIP | CWE-601 | 6.1 | Medium | 2026-02-19 |
| CVE-2025-71242 | SPIP < 4.3.6 Authorization Bypass Leading to Content Disclosure | SPIP | | 6.5 | Medium | 2026-02-19 |
| CVE-2025-71241 | SPIP < 4.3.6 Cross-Site Scripting in Private Area | SPIP | CWE-79 | 6.1 | Medium | 2026-02-19 |
| CVE-2025-71240 | SPIP < 4.2.15 Cross-Site Scripting via Code Tags | SPIP | CWE-79 | 5.4 | Medium | 2026-02-19 |
| CVE-2023-53900 | Spip 4.1.10 Admin Account Spoofing via Malicious SVG Upload | spip | CWE-79 | 8.8 | High | 2025-12-16 |
| CVE-2024-8517 | SPIP Bigup Multipart File Upload OS Command Injection | SPIP | CWE-73 | 9.8 | Critical | 2024-09-06 |
| CVE-2024-7954 | SPIP porte_plume Plugin Arbitrary PHP Execution | SPIP | CWE-95 | 9.8 | Critical | 2024-08-23 |

This page lists every published CVE security advisory associated with SPIP. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.