CVE-2025-71243
Severity: CRITICAL
WAF: Medium
CVSS 9.8
Published: 2026-02-19
CWE-94
The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the server. Users should immediately update to version 5.11.1 or later.
WAF Coverage Analysis
Code Injection
Medium WAF Coverage
OWASP: A03:2021 Injection
- 932xxx - Remote Code Execution
- 933xxx - PHP Injection
- 934xxx - Node.js / Generic Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| spip | saisies | 5.4.0 - 5.11.1 |
References
- blog.spip.net (Vendor Advisory)
- plugins.spip.net (Product)
- www.vulncheck.com (Third Party Advisory)