SPIP SQL Injection Vulnerability Leading to Remote Code Execution

Vulnerability

A SQL injection vulnerability has been identified in SPIP versions prior to 4.4.10. It allows authenticated low-privilege users to execute arbitrary SQL queries through union-based injection, and attackers can chain the SQL injection with SPIP's PHP tag processing to achieve remote code execution on the server.
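The advisory names the technique (union-based SQL injection, with a PHP tag in the injected data as the pivot to code execution) but not the affected request parameters, so the most useful defender-side check is generic: normalise the request target in web-server access logs and flag the two signatures. The script below is an added example written for this page; it is not SPIP code and does not come from the advisory. The log lines are constructed, the rules are assumptions about what such traffic looks like, and only GET-visible payloads are covered (POST bodies are not in a combined-format access log, so a WAF or application log is needed for those).

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines in Apache/nginx "combined" format; not real traffic.
# Line 1 is a normal article request, lines 2-3 carry union-based injection
# attempts, line 4 carries a PHP open tag in a parameter.
SAMPLE_LOG = """\
203.0.113.10 - - [26/Feb/2026:21:35:01 +0000] "GET /spip.php?page=article&id_article=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.11 - - [26/Feb/2026:21:35:02 +0000] "GET /spip.php?page=article&id_article=12%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.12 - - [26/Feb/2026:21:35:03 +0000] "GET /ecrire/?exec=article&id_article=12%27%20union%20all%20select%20null,null--%20- HTTP/1.1" 200 900 "-" "curl/8.0"
203.0.113.13 - - [26/Feb/2026:21:35:04 +0000] "GET /spip.php?page=article&id_article=%3C%3Fphp%20%3F%3E HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Combined log format: only the client IP, request target and status are used.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Detection rules applied to the URL-decoded request target (assumed signatures).
RULES = {
    # UNION ... SELECT, tolerating extra whitespace and inline-comment padding
    "union_select": re.compile(r"\bunion\b[\s/*]+(?:all[\s/*]+)?select\b", re.IGNORECASE),
    # PHP open tag embedded in a request parameter
    "php_tag": re.compile(r"<\?(?:php\b|=)", re.IGNORECASE),
}


def decode_target(target):
    """URL-decode twice so double-encoded payloads are normalised too."""
    return unquote_plus(unquote_plus(target))


def scan_line(line):
    """Return one finding per matching rule for a single access-log line."""
    m = LOG_LINE.match(line)
    if not m:
        return []
    decoded = decode_target(m.group("target"))
    hits = []
    for name, pattern in RULES.items():
        if pattern.search(decoded):
            hits.append({
                "ip": m.group("ip"),
                "rule": name,
                "target": decoded,
                "status": m.group("status"),
            })
    return hits


def scan_log(text):
    """Scan a whole log file (as text) and return all findings in order."""
    findings = []
    for line in text.splitlines():
        if line.strip():
            findings.extend(scan_line(line))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']:15} {f['rule']:13} HTTP {f['status']}  {f['target']}")
```

The HTTP status is kept in each finding because a 200 on an injected request is the interesting case: SPIP returning an error page for a malformed query is noise, while a successful response to a UNION payload is worth an alert. On a patched 4.4.10 install the same rules still show who is probing, which is useful for confirming that the update closed the hole rather than just silencing the logs.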

Impact

Exploitation gives an authenticated low-privilege user SQL injection, which can be used to read or manipulate the database; combined with PHP tag processing, it can lead to remote code execution on the server.

Remediation

Users are advised to update to SPIP version 4.4.10 or later. The update can be performed using the SPIP Loader or by downloading the latest version from the SPIP website.

Added: Feb 26, 2026, 9:35 PM
Updated: Feb 26, 2026, 9:35 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 10.0
exploitability: 5.5
remediation: 7.7
relevance: 3.2
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.