Filtered by vendor Spip
Subscriptions
Filtered by product Saisies
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-22206 | 1 Spip | 2 Saisies, Spip | 2026-03-05 | 8.8 High |
| SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote code execution on the server. | ||||
| CVE-2026-22205 | 1 Spip | 2 Saisies, Spip | 2026-03-05 | 7.5 High |
| SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability caused by PHP type juggling that allows unauthenticated attackers to access protected information. Attackers can exploit loose type comparisons in authentication logic to bypass login verification and retrieve sensitive internal data. | ||||
| CVE-2025-71243 | 1 Spip | 2 Saisies, Saisies Pour Formulaire | 2026-03-05 | 9.8 Critical |
| The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the server. Users should immediately update to version 5.11.1 or later. | ||||
Page 1 of 1.