Christophe Laffont

**Name of the Vulnerable Software and Affected Versions** SPIP versions prior to 3.1.11 SPIP versions prior to 3.2.5 **Description** The issue is related to the mishandling of redirect URLs in the ecrire/inc/headers.php file, specifically when a %0D, %0A, or %20 character is present. This can lead to a potential redirect to an unreliable site, allowing a remote attacker to compromise data integrity. **Recommendations** For SPIP versions prior to 3.1.11, update to version 3.1.11 or later. For SPIP versions prior to 3.2.5, update to version 3.2.5 or later.