Louka Jacques-Chevallier

**Name of the Vulnerable Software and Affected Versions** SPIP versions prior to 4.4.14 **Description** A remote code execution flaw exists in the public space, allowing attackers to execute arbitrary code within the web server context. This issue is limited to specific nginx configurations and is not mitigated by the SPIP security screen. **Recommendations** Update to version 4.4.14 or later.

**Name of the Vulnerable Software and Affected Versions** SPIP versions prior to 4.4.14 **Description** A remote code execution issue exists in the private space that allows attackers to execute arbitrary code within the web server context. This flaw enables the bypass of security screen protections. **Recommendations** Update to version 4.4.14 or later.

**Name of the Vulnerable Software and Affected Versions** SPIP versions prior to 4.4.10 **Description** SPIP versions before 4.4.10 are susceptible to an authentication bypass. This is due to PHP type juggling, which allows unauthenticated attackers to access protected information. Attackers can exploit loose type comparisons within the authentication logic to bypass login verification and retrieve sensitive internal data. **Recommendations** Update to SPIP version 4.4.10 or later.

**Name of the Vulnerable Software and Affected Versions** SPIP versions prior to 4.4.10 **Description** SPIP versions before 4.4.10 have a SQL injection flaw. Authenticated low-privilege users can execute arbitrary SQL queries through union-based injection techniques. Attackers can combine this SQL injection with PHP tag processing to achieve remote code execution on the server. **Recommendations** Update to SPIP version 4.4.10 or later.

**Name of the Vulnerable Software and Affected Versions** SPIP versions prior to 4.4.8 **Description** SPIP before version 4.4.8 contains a Cross-Site Scripting (XSS) issue in the public area due to inadequate detection of malicious content by the `echapper html suspect()` function. This allows an attacker to inject scripts that execute in a visitor’s browser. The SPIP security screen does not mitigate this issue. **Recommendations** Update to SPIP version 4.4.8 or later.

**Name of the Vulnerable Software and Affected Versions** SPIP versions prior to 4.4.8 **Description** SPIP before version 4.4.8 contains a Cross-Site Scripting (XSS) issue in the private area due to improper handling of iframe tags. The application does not adequately sandbox or escape iframe content within the back-office, which allows an attacker to inject and execute malicious scripts. The vulnerability is not addressed by the SPIP security screen. **Recommendations** Update to SPIP version 4.4.8 or later.

**Name of the Vulnerable Software and Affected Versions** SPIP versions prior to 4.4.8 **Description** The application does not properly handle iframe content in the private area, allowing an attacker to inject and execute malicious scripts through iframe tags. The issue occurs because the application does not sandbox or escape iframe content in the back-office. The fix involves adding a sandbox attribute to iframe tags within the private area. This issue is not addressed by the SPIP security screen. **Recommendations** Update to SPIP version 4.4.8 or later.

**Name of the Vulnerable Software and Affected Versions** SPIP versions prior to 4.4.8 **Description** SPIP before version 4.4.8 contains a Cross-Site Scripting (XSS) issue in the public area due to insufficient detection of malicious content by the `echapper html suspect()` function. This allows an attacker to inject scripts that can execute in a visitor’s browser. The SPIP security screen does not mitigate this issue. **Recommendations** Update SPIP to version 4.4.8 or later.

**Name of the Vulnerable Software and Affected Versions** Invoice Ninja versions 5.8.56 through 5.11.23 **Description** Invoice Ninja is vulnerable to authenticated Server-Side Request Forgery (SSRF), allowing for arbitrary file read and network resource requests as the application user. This issue enables attackers to perform arbitrary file reads and network requests. **Recommendations** For versions 5.8.56 through 5.11.23, as a temporary workaround, consider restricting access to sensitive files and network resources to minimize the risk of exploitation. However, the provided information does not specify a fixed version or patch, so at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SPIP versions prior to 4.3.2, 4.2.16, and 4.1.18 **Description** SPIP is susceptible to a command injection issue. An unauthenticated, remote attacker can execute arbitrary operating system commands by submitting a specially crafted multipart file upload HTTP request. A proof of concept has been published, increasing the risk of exploitation. Approximately 200+ potentially affected devices have been identified via ZoomEye dorking. **Recommendations** SPIP versions prior to 4.3.2 must be updated. SPIP versions prior to 4.2.16 must be updated. SPIP versions prior to 4.1.18 must be updated.

**Name of the Vulnerable Software and Affected Versions** SPIP versions prior to 4.30-alpha2, 4.2.13, and 4.1.16 **Description** The porte plume plugin used by SPIP is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request. **Recommendations** For SPIP versions prior to 4.30-alpha2, 4.2.13, and 4.1.16, upgrade to a version that is 4.30-alpha2, 4.2.13, or 4.1.16 or later to mitigate the risk of remote exploitation. As a temporary workaround, consider disabling the porte plume plugin until a patch is available. Restrict access to the SPIP system to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Spip versions prior to 3.2.8 **Description** A PHP injection issue allows attackers to execute arbitrary PHP code via the ` oups` parameter at the "/ecrire" API endpoint. **Recommendations** For versions prior to 3.2.8, update to version 3.2.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/ecrire" API endpoint to minimize the risk of exploitation. Avoid using the ` oups` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Spip Web Framework versions v3.1.13 and earlier **Description** The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities are located at the "/ecrire" endpoint via the `lier trad` and `where` parameters. **Recommendations** For Spip Web Framework versions v3.1.13 and earlier, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the "/ecrire" endpoint to minimize the risk of exploitation. Avoid using the `lier trad` and `where` parameters in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Spip Web Framework versions v3.1.13 and earlier **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the /spip.php component of Spip Web Framework. This allows attackers to execute arbitrary web scripts or HTML. **Recommendations** For Spip Web Framework versions v3.1.13 and earlier, update to a version later than v3.1.13 to resolve the issue. As a temporary workaround, consider restricting access to the /spip.php component until a patch is available.