Vulnerability-Lookup

CNVD-2026-13833

Vulnerability from cnvd - Published: 2026-03-12

Title

SPIP interface_traduction_objets SQL注入漏洞

Description

SPIP interface_traduction_objets是SPIP公司的一个扩展插件。 SPIP interface_traduction_objets 2.2.2之前版本存在SQL注入漏洞。该漏洞源于interface_traduction_objets_pipelines.php在处理翻译请求时直接将id_parent参数连接到SQL WHERE子句，缺少对外部输入SQL语句的验证。攻击者可利用该漏洞执行非法SQL命令窃取数据库敏感数据。

Severity

高

Patch Name

SPIP interface_traduction_objets SQL注入漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://plugins.spip.net/interface_traduction_objets

Reference

https://nvd.nist.gov/vuln/detail/CVE-2026-27747

Impacted products

Name
Spip interface_traduction_objets <2.2.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2026-27747",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2026-27747"
    }
  },
  "description": "SPIP interface_traduction_objets\u662fSPIP\u516c\u53f8\u7684\u4e00\u4e2a\u6269\u5c55\u63d2\u4ef6\u3002\n\nSPIP interface_traduction_objets 2.2.2\u4e4b\u524d\u7248\u672c\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8einterface_traduction_objets_pipelines.php\u5728\u5904\u7406\u7ffb\u8bd1\u8bf7\u6c42\u65f6\u76f4\u63a5\u5c06id_parent\u53c2\u6570\u8fde\u63a5\u5230SQL WHERE\u5b50\u53e5\uff0c\u7f3a\u5c11\u5bf9\u5916\u90e8\u8f93\u5165SQL\u8bed\u53e5\u7684\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u975e\u6cd5SQL\u547d\u4ee4\u7a83\u53d6\u6570\u636e\u5e93\u654f\u611f\u6570\u636e\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://plugins.spip.net/interface_traduction_objets",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-13833",
  "openTime": "2026-03-12",
  "patchDescription": "SPIP interface_traduction_objets\u662fSPIP\u516c\u53f8\u7684\u4e00\u4e2a\u6269\u5c55\u63d2\u4ef6\u3002\r\n\r\nSPIP interface_traduction_objets 2.2.2\u4e4b\u524d\u7248\u672c\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8einterface_traduction_objets_pipelines.php\u5728\u5904\u7406\u7ffb\u8bd1\u8bf7\u6c42\u65f6\u76f4\u63a5\u5c06id_parent\u53c2\u6570\u8fde\u63a5\u5230SQL WHERE\u5b50\u53e5\uff0c\u7f3a\u5c11\u5bf9\u5916\u90e8\u8f93\u5165SQL\u8bed\u53e5\u7684\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u975e\u6cd5SQL\u547d\u4ee4\u7a83\u53d6\u6570\u636e\u5e93\u654f\u611f\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SPIP interface_traduction_objets SQL\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Spip interface_traduction_objets \u003c2.2.2"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2026-27747",
  "serverity": "\u9ad8",
  "submitTime": "2026-03-11",
  "title": "SPIP interface_traduction_objets SQL\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2026-27747 (GCVE-0-2026-27747)

Vulnerability from cvelistv5 – Published: 2026-02-25 03:07 – Updated: 2026-03-05 01:31

Title

SPIP interface_traduction_objets < 2.2.2 Authenticated SQL Injection

Summary

The SPIP interface_traduction_objets plugin versions prior to 2.2.2 contain an authenticated SQL injection vulnerability in interface_traduction_objets_pipelines.php. When handling translation requests, the plugin reads the id_parent parameter from user-supplied input and concatenates it directly into a SQL WHERE clause in a call to sql_getfetsel() without input validation or parameterization. An authenticated attacker with editor-level privileges can inject crafted SQL expressions into the id_parent parameter to manipulate the backend query. Successful exploitation can result in disclosure or modification of database contents and may lead to denial of service depending on the database configuration and privileges.

Severity ?

7.1 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Assigner

VulnCheck

References

URL

Tags

	https://chocapikk.com/posts/2026/spip-plugins-vul…	technical-descriptionexploit
	https://blog.spip.net/Mise-a-jour-de-securite-sor…	vendor-advisory
	https://plugins.spip.net/interface_traduction_objets	product
	https://git.spip.net/spip-contrib-extensions/inte…	patch
	https://www.vulncheck.com/advisories/spip-interfa…	third-party-advisory

Impacted products

	Vendor	Product	Version
	SPIP	interface_traduction_objets	Affected: 0 , < 2.2.2 (semver)

Credits

Valentin Lobstein (Chocapikk) VulnCheck

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-27747",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-04T16:40:52.858793Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-04T16:41:06.548Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "interface_traduction_objets",
          "repo": "https://git.spip.net/spip-contrib-extensions/interface_traduction_objets",
          "vendor": "SPIP",
          "versions": [
            {
              "lessThan": "2.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.2.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Valentin Lobstein (Chocapikk)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulnCheck"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The SPIP interface_traduction_objets plugin versions prior to\u0026nbsp;2.2.2 contain an authenticated SQL injection vulnerability in interface_traduction_objets_pipelines.php. When handling translation requests, the plugin reads the id_parent parameter from user-supplied input and concatenates it directly into a SQL WHERE clause in a call to sql_getfetsel() without input validation or parameterization. An authenticated attacker with editor-level privileges can inject crafted SQL expressions into the id_parent parameter to manipulate the backend query. Successful exploitation can result in disclosure or modification of database contents and may lead to denial of service depending on the database configuration and privileges."
            }
          ],
          "value": "The SPIP interface_traduction_objets plugin versions prior to\u00a02.2.2 contain an authenticated SQL injection vulnerability in interface_traduction_objets_pipelines.php. When handling translation requests, the plugin reads the id_parent parameter from user-supplied input and concatenates it directly into a SQL WHERE clause in a call to sql_getfetsel() without input validation or parameterization. An authenticated attacker with editor-level privileges can inject crafted SQL expressions into the id_parent parameter to manipulate the backend query. Successful exploitation can result in disclosure or modification of database contents and may lead to denial of service depending on the database configuration and privileges."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-05T01:31:28.148Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "technical-description",
            "exploit"
          ],
          "url": "https://chocapikk.com/posts/2026/spip-plugins-vulnerabilities/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-10.html"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://plugins.spip.net/interface_traduction_objets"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://git.spip.net/spip-contrib-extensions/interface_traduction_objets/-/commit/db3417b7811774f04c3ff191ca1737fe660ef0be"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/spip-interface-traduction-objets-authenticated-sql-injection"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "SPIP interface_traduction_objets \u003c 2.2.2 Authenticated SQL Injection",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-27747",
    "datePublished": "2026-02-25T03:07:44.532Z",
    "dateReserved": "2026-02-23T21:38:48.842Z",
    "dateUpdated": "2026-03-05T01:31:28.148Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2026-13833

CVE-2026-27747 (GCVE-0-2026-27747)

Tags

Sightings

Nomenclature