PT-2026-22182 · Spip · Spip
Arthur Deloffre +1 · Published 2026-02-26 · Updated 2026-03-03 · CVE-2026-22206
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SPIP versions prior to 4.4.10
Description
SPIP versions before 4.4.10 have a SQL injection flaw. Authenticated low-privilege users can execute arbitrary SQL queries through union-based injection techniques. Attackers can combine this SQL injection with PHP tag processing to achieve remote code execution on the server.
Recommendations
Update to SPIP version 4.4.10 or later.
Fix
RCE
SQL injection
Affected Products
Spip