- What: SPIP contains multiple input sanitization vulnerabilities
- Impact: Remote attackers could perform XSS, PHP injection, and SQL injection
It was discovered that SPIP did not properly sanitize certain inputs. A remote attacker could possibly use this issue to perform cross site scripting. (CVE-2022-28959) It was discovered that SPIP did not properly sanitize certain inputs. A remote attacker could possibly use this issue to perform PHP injection attacks. (CVE-2022-28960) It was discovered that SPIP did not properly sanitize certain inputs. A remote attacker could possibly use this issue to perform SQL injection attacks. (CVE-2022-28961)