PT-2026-20841 · Spip+1

Openstudio · Published 2026-02-19 · Updated 2026-04-15 · CVE-2025-71243

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: SPIP Saisies plugin versions 5.4.0 through 5.11.0

Description: The 'Saisies pour formulaire' (Saisies) plugin for SPIP contains a critical Remote Code Execution (RCE) issue. An attacker can exploit this issue to execute arbitrary code on the server. The vulnerability is due to a template injection pattern, potentially involving an eval() chain, with different entry points identified in multiple plugins.

Recommendations: Update to version 5.11.1 or later.

Fix · RCE · Code Injection

Weakness Enumeration

Related Identifiers: CVE-2025-71243

Affected Products: Spip, Saisies Pour Formulaire