Critical SPIP Vulnerabilities Discovered in Ubuntu 16.04 LTS

Critical SPIP Vulnerabilities Discovered in Ubuntu 16.04 LTS

First seen 6 Apr 2026, 11:43 UTC UbuntuLinuxsecurity 90% similarity 72.5

Article Content

Browse articles
ThreatCluster

Multiple vulnerabilities have been identified in the SPIP website engine affecting Ubuntu 16.04 LTS and its derivatives. These vulnerabilities include cross site scripting (CVE-2022-28959), PHP injection (CVE-2022-28960), and SQL injection (CVE-2022-28961), all resulting from improper input sanitization. A remote attacker could exploit these issues to execute malicious scripts or commands on affected systems. The vulnerabilities were published on May 19, 2022, and have been addressed in recent updates. Users are advised to update their systems to the latest package versions to mitigate these risks. Ubuntu Pro users can benefit from extended security maintenance for these packages. The vulnerabilities pose a significant risk, particularly for web applications utilizing SPIP. Immediate action is recommended to prevent potential exploitation.

Key Points: • SPIP vulnerabilities allow for XSS, PHP injection, and SQL injection attacks. • Affected systems include Ubuntu 16.04 LTS and its derivatives. • Users should update to the latest package versions to mitigate risks.

ThreatCluster AI

Timeline

2022-05-19
CVE-2022-28959, CVE-2022-28960, CVE-2022-28961 published
2026-04-06
Ubuntu releases updates to address SPIP vulnerabilities

Community

Browse all →