CVE-2023-53900

High CVSS: 8.8

Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering.

Vendor

Spip

Product

Spip

CWE

CWE-79

Yayın Tarihi

2025-12-16 18:16:07

Güncelleme

2025-12-31 18:30:53

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-79 Spip HIGH Spip 2025

Referanslar

https://www.exploit-db.com/exploits/51557 https://www.spip.net/en_rubrique25.html https://www.vulncheck.com/advisories/spip-admin-account-spoofing-via-malicious-svg-upload

Benzer Kayıtlar

High

CVE-2026-22205

SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability caused by PHP type juggling that allows una…

High

CVE-2026-22206

SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to exe…

High

CVE-2026-27745

The SPIP interface_traduction_objets plugin versions prior to 2.2.2 contain an authenticated remote code execution vulne…

Medium

CVE-2026-27746

The SPIP jeux plugin versions prior to 4.1.1 contain a reflected cross-site scripting (XSS) vulnerability in the pre_pro…

High

CVE-2026-27747

The SPIP interface_traduction_objets plugin versions prior to 2.2.2 contain an authenticated SQL injection vulnerability…

Critical

CVE-2026-27743

The SPIP referer_spam plugin versions prior to 1.3.0 contain an unauthenticated SQL injection vulnerability in the refer…