Package details: pkg:composer/spip/spip@3.1.10
purl pkg:composer/spip/spip@3.1.10
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (8)
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-e5f6-rvh3-j3d5 | Improper Input Validation: The SPIP template `composer/compiler` in SPIP allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with crafted user input. | CVE-2016-7998 |
| VCID-etmk-f7bn-eyee | OS Command Injection: SPIP does not remove shell metacharacters from the host field, allowing a remote attacker to cause remote code execution. | CVE-2017-9736 |
| VCID-ezwj-91dq-yyhr | Server-Side Request Forgery (SSRF): `ecrire/exec/valider_xml.php` in SPIP allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the `var_url` parameter in a `valider_xml` action. | CVE-2016-7999 |
| VCID-hrvd-j6ye-4qfp | Code Injection: SPIP allows remote attackers to execute arbitrary PHP code by adding content, related to the `filtrer_entites` function. | CVE-2016-3153 |
| VCID-mzx8-p11m-6kez | Cross-site Scripting: Cross-site scripting (XSS) vulnerability in `ecrire/exec/plonger.php` in SPIP allows remote attackers to inject arbitrary web script or HTML via the `rac` parameter. | CVE-2016-9152 |
| VCID-qvmf-dzcc-8bhs | Improper Input Validation: SPIP allows authenticated visitors to execute arbitrary code on the host server because `var_memotri` is mishandled. | CVE-2019-11071 |
| VCID-sfba-72md-rfhp | Cross-site Scripting: A Cross-site scripting vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted string. | CVE-2017-15736 |
| VCID-tc6m-8nry-aqfy | Path Traversal: Directory traversal vulnerability in `ecrire/exec/valider_xml.php` in SPIP allows remote attackers to enumerate the files on the system via the `var_url` parameter in a `valider_xml` action. | CVE-2016-7982 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:39:05.909078+00:00 | GitLab Importer | Fixing | VCID-qvmf-dzcc-8bhs | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/spip/spip/CVE-2019-11071.yml | 38.6.0 |
| 2026-06-02T04:37:12.599383+00:00 | GitLab Importer | Fixing | VCID-sfba-72md-rfhp | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/spip/spip/CVE-2017-15736.yml | 38.6.0 |
| 2026-06-02T04:36:56.242262+00:00 | GitLab Importer | Fixing | VCID-etmk-f7bn-eyee | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/spip/spip/CVE-2017-9736.yml | 38.6.0 |
| 2026-06-02T04:36:45.827343+00:00 | GitLab Importer | Fixing | VCID-e5f6-rvh3-j3d5 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/spip/spip/CVE-2016-7998.yml | 38.6.0 |
| 2026-06-02T04:36:45.787492+00:00 | GitLab Importer | Fixing | VCID-ezwj-91dq-yyhr | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/spip/spip/CVE-2016-7999.yml | 38.6.0 |
| 2026-06-02T04:36:45.751480+00:00 | GitLab Importer | Fixing | VCID-tc6m-8nry-aqfy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/spip/spip/CVE-2016-7982.yml | 38.6.0 |
| 2026-06-02T04:36:41.318941+00:00 | GitLab Importer | Fixing | VCID-mzx8-p11m-6kez | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/spip/spip/CVE-2016-9152.yml | 38.6.0 |
| 2026-06-02T04:36:31.678532+00:00 | GitLab Importer | Fixing | VCID-hrvd-j6ye-4qfp | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/spip/spip/CVE-2016-3153.yml | 38.6.0 |