Fluid Attacks Database

Description

SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote code execution on the server.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	spip	=4.4.10+dfsg-1 \|\| =4.4.3+dfsg-1 \|\| =4.4.3+dfsg-1+deb13u1 \|\| =4.4.4+dfsg-1 \|\| =4.4.5+dfsg-1 \|\| =4.4.6+dfsg-1 \|\| =4.4.7+dfsg-1 \|\| =4.4.8+dfsg-1 \|\| =4.4.9+dfsg-1 \|\| >=0 <4.4.11+dfsg-0+deb13u1	4.4.11+dfsg-0+deb13u1
debian 11	spip	=3.2.11-3 \|\| =3.2.11-3+deb11u1 \|\| =3.2.11-3+deb11u10 \|\| =3.2.11-3+deb11u2 \|\| =3.2.11-3+deb11u3 \|\| =3.2.11-3+deb11u4 \|\| =3.2.11-3+deb11u5 \|\| =3.2.11-3+deb11u6 \|\| =3.2.11-3+deb11u7 \|\| =3.2.11-3+deb11u8 \|\| =3.2.11-3+deb11u9 \|\| =3.2.12-1 \|\| =4.0.1-1 \|\| =4.0.2-1 \|\| =4.0.4-1 \|\| =4.0.5-1 \|\| =4.1.0~alpha+dfsg-1 \|\| =4.1.0~beta+dfsg-1 \|\| =4.1.0~rc+dfsg-1 \|\| =4.1.1+dfsg-1 \|\| =4.1.10+dfsg-1 \|\| =4.1.11+dfsg-1 \|\| =4.1.12+dfsg-1 \|\| =4.1.13+dfsg-1 \|\| =4.1.15+dfsg-1 \|\| =4.1.15+dfsg-2 \|\| =4.1.2+dfsg-1 \|\| =4.1.5+dfsg-1 \|\| =4.1.7+dfsg-1 \|\| =4.1.8+dfsg-1 \|\| =4.1.9+dfsg-1 \|\| =4.2.10+dfsg-1 \|\| =4.2.11+dfsg-1 \|\| =4.2.12+dfsg-1 \|\| =4.2.13+dfsg-1 \|\| =4.2.14+dfsg-1 \|\| =4.2.2+dfsg-1 \|\| =4.2.3+dfsg-1 \|\| =4.2.4+dfsg-1 \|\| =4.2.5+dfsg-1 \|\| =4.2.6+dfsg-1 \|\| =4.2.7+dfsg-1 \|\| =4.2.8+dfsg-1 \|\| =4.2.9+dfsg-1 \|\| =4.2.9+dfsg-2 \|\| =4.3.0+dfsg-1 \|\| =4.3.0~alpha+dfsg-1 \|\| =4.3.0~alpha.2+dfsg-1 \|\| =4.3.0~beta+dfsg-1 \|\| =4.3.1+dfsg-1 \|\| =4.3.2+dfsg-1 \|\| =4.3.3+dfsg-1 \|\| =4.3.4+dfsg-1 \|\| =4.3.5+dfsg-1 \|\| =4.3.6+dfsg-1 \|\| =4.3.8+dfsg-1 \|\| =4.4.10+dfsg-1 \|\| =4.4.11+dfsg-1 \|\| =4.4.13+dfsg-1 \|\| =4.4.14+dfsg-1 \|\| =4.4.15+dfsg-1 \|\| =4.4.2+dfsg-1 \|\| =4.4.3+dfsg-1 \|\| =4.4.4+dfsg-1 \|\| =4.4.5+dfsg-1 \|\| =4.4.6+dfsg-1 \|\| =4.4.7+dfsg-1 \|\| =4.4.8+dfsg-1 \|\| =4.4.9+dfsg-1	-
debian 14	spip	=4.4.3+dfsg-1 \|\| =4.4.4+dfsg-1 \|\| =4.4.5+dfsg-1 \|\| =4.4.6+dfsg-1 \|\| =4.4.7+dfsg-1 \|\| =4.4.8+dfsg-1 \|\| =4.4.9+dfsg-1 \|\| >=0 <4.4.10+dfsg-1	4.4.10+dfsg-1

Aliases

1. CVE-2026-222062. NVD-2026-222063. OSV-DEBIAN-2026-222064. OSV-2026-222065. SECURITY-TRACKER-CVE-2026-22206

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.