Browse all 22 CVE security advisories affecting SPIP. AI-powered Chinese analysis, POCs, and references for each vulnerability.
SPIP is a free, open-source content management system primarily designed for collaborative editorial projects and community-driven websites. Its architecture, rooted in PHP and MySQL, has historically exposed it to a range of web application vulnerabilities, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL injection. Recent records indicate approximately 22 Common Vulnerabilities and Exposures (CVEs), reflecting persistent issues with input validation and access control mechanisms. While not typically associated with massive, high-profile data breaches comparable to enterprise platforms, its widespread use in niche communities makes it a frequent target for automated exploitation scripts. Security researchers emphasize the importance of timely patching, as many vulnerabilities stem from legacy code paths and insufficient sanitization of user-supplied data. Administrators must prioritize regular updates to mitigate risks associated with privilege escalation and unauthorized file inclusion attacks inherent in older versions.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-27744 | SPIP tickets < 4.3.3 Unauthenticated RCE — tickets, CWE-94 | 9.8 | Critical | 2026-02-25 |

This page lists every published CVE security advisory associated with SPIP. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.