Security Advisory

CVE-2026-22206

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-26 20:17:58

Last updated 2026-03-05 01:30:18

Assigner VulnCheck

State PUBLISHED

Description

SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote code execution on the server.

← Browse all CVEs View on cve.org ↗