Cerdic

**Name of the Vulnerable Software and Affected Versions** SPIP versions prior to 3.1.7 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via a crafted string. This is demonstrated by a PGP field and is related to prive/objets/contenu/auteur.html and ecrire/inc/texte mini.php. **Recommendations** For versions prior to 3.1.7, update to version 3.1.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the `prive/objets/contenu/auteur.html` and `ecrire/inc/texte mini.php` files until a patch is available. Avoid using crafted strings in the PGP field until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SPIP versions 3.1.x through 3.1.5 SPIP versions 3.2.x through Beta 2 **Description** The issue allows a remote attacker to cause remote code execution due to the failure to remove shell metacharacters from the host field. **Recommendations** For SPIP versions 3.1.x through 3.1.5, update to version 3.1.6 or later. For SPIP versions 3.2.x through Beta 2, update to Beta 3 or later.

**Name of the Vulnerable Software and Affected Versions** SPIP versions 3.1.2 and earlier **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted `valider xml` request. This can potentially be combined with another issue to execute arbitrary PHP code. **Recommendations** For SPIP versions 3.1.2 and earlier, update to a version later than 3.1.2 to resolve the issue. As a temporary workaround, consider restricting access to the `valider xml` request to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SPIP versions 3.1.2 and earlier **Description** The issue allows remote attackers to conduct server-side request forgery (SSRF) attacks. This is achieved by providing a URL in the `var url` parameter within a `valider xml` action, targeting the `ecrire/exec/valider xml.php` file. **Recommendations** For SPIP versions 3.1.2 and earlier, consider restricting access to the `ecrire/exec/valider xml.php` file or the `valider xml` action to minimize the risk of exploitation. Avoid using the `var url` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SPIP versions 2.x prior to 2.1.19 SPIP versions 3.0.x prior to 3.0.22 SPIP versions 3.1.x prior to 3.1.1 **Description** The issue allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object. This is due to a problem in the `encoder contexte ajax` function located in `ecrire/inc/filtres.php`. **Recommendations** For SPIP versions 2.x prior to 2.1.19, update to version 2.1.19 or later. For SPIP versions 3.0.x prior to 3.0.22, update to version 3.0.22 or later. For SPIP versions 3.1.x prior to 3.1.1, update to version 3.1.1 or later.