PT-2026-21862 · Spip · Spip+1

Valentin Lobstein

Published: 2026-02-25

Updated: 2026-02-25

CVE-2026-27747

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SPIP interface traduction objets plugin versions prior to 4.3.3

Description

The SPIP interface traduction objets plugin is susceptible to an authenticated SQL injection issue. The plugin does not properly validate input for the `id_parent` parameter when processing translation requests, specifically within the `interface_traduction_objets_pipelines.php` file. This parameter is directly incorporated into a SQL query using the `sql_getfetsel()` function without appropriate sanitization or parameterization. An attacker with editor-level privileges can inject malicious SQL code through the `id_parent` parameter, potentially leading to database disclosure or modification, and potentially denial of service.

Recommendations

Update the SPIP interface traduction objets plugin to version 4.3.3 or later.

Exploit

Fix

DoS

SQL injection


Weakness Enumeration

Related identifiers

CVE-2026-27747

Affected products

Spip
Interface Traduction Objets Plugin