CVE-2022-28961

HIGH

Spip Web Framework <v3.1.13 - SQL Injection

Title source: llm
STIX 2.1

Description

Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters.

References (5)

Core 5
Core References
Exploit, Third Party Advisory x_refsource_misc
https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/

Scores

CVSS v3 8.8
EPSS 0.0152
EPSS Percentile 71.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
spip/spip < 3.1.13
Published May 19, 2022
Tracked Since Feb 18, 2026