Home

Description

SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote code execution on the server.

PUBLISHED Reserved 2026-01-06 | Published 2026-02-26 | Updated 2026-02-26 | Assigner VulnCheck




HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

Default status
unaffected

Any version before 4.4.10
affected

Credits

Arthur Deloffre (Vozec) finder

Louka Jacques-Chevallier (Laluka) finder

References

blog.spip.net/...jour-de-securite-sortie-de-SPIP-4-4-10.html vendor-advisory patch

git.spip.net/spip/spip product

www.vulncheck.com/...ip-sql-injection-rce-via-union-php-tags third-party-advisory

cve.org (CVE-2026-22206)

nvd.nist.gov (CVE-2026-22206)

Download JSON