SPIP Multiple Security Vulnerabilities
SPIP is prone to the following security vulnerabilities:
1. A cross-site request forgery vulnerability
2. A cross-site scripting vulnerability
3. A directory-traversal vulnerability
4. A security-bypass vulnerability
5. A remote code-execution vulnerability
An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, retrieve arbitrary files, bypass security restrictions, execute arbitrary code in the context of the application, and perform unauthorized actions in the context of the affected application. Other attacks are also possible.
SPIP versions 3.1.2 and prior are vulnerable.