cvedb.io
CVE-2025-71242
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2026-02-19T16:27:12.113 · Last modified 2026-06-17T10:03:56.550

Summary

SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. The application does not properly check authorization when displaying content of articles and sections (rubriques) in AJAX-loaded fragments, allowing an authenticated attacker to access restricted content. This vulnerability is not mitigated by the SPIP security screen.

Affected products

spip — spip

Does this affect you?

Add your gear to cvedb and we'll alert you only when spip ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.