Skip to main content

Tickets CVE-2026-27744

CRITICAL
Code Injection (CWE-94)
2026-02-25 disclosure@vulncheck.com
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
Patch released
Feb 27, 2026 - 19:41 nvd
Patch available
CVE Published
Feb 25, 2026 - 04:16 nvd
CRITICAL 9.8

DescriptionCVE.org

The SPIP tickets plugin versions prior to 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted request parameters into HTML that is later rendered by a template using unfiltered environment rendering (#ENV**), which disables SPIP output filtering. As a result, an unauthenticated attacker can inject crafted content that is evaluated through SPIP's template processing chain, leading to execution of code in the context of the web server.

AnalysisAI

Unauthenticated RCE in SPIP tickets plugin before 4.3.3 via code injection. Allows executing arbitrary PHP code without authentication. Patch available.

Technical ContextAI

CWE-94 code injection in the tickets form processing. No authentication required for exploitation.

RemediationAI

Update to SPIP tickets 4.3.3 or later.

CVE-2018-13742 HIGH POC
7.5 Jul 09

The mintToken function of a smart contract implementation for tickets (TKT), an Ethereum token, has an integer overflow

CVE-2026-35016 MEDIUM
5.1 May 20

Reflected cross-site scripting in Open ISES Tickets before v3.44.2 allows attackers to inject arbitrary JavaScript into

CVE-2026-35015 MEDIUM
5.1 May 20

Reflected XSS in Open ISES Tickets before 3.44.2 enables injection of arbitrary JavaScript via the unsanitized `the_tick

CVE-2026-35014 MEDIUM
5.1 May 20

Reflected cross-site scripting in Open ISES Tickets before 3.44.2 allows injection of arbitrary JavaScript via the ticke

CVE-2026-35013 MEDIUM
5.1 May 20

Reflected XSS in Open ISES Tickets before version 3.44.2 allows an attacker to inject arbitrary JavaScript into a victim

CVE-2026-35012 MEDIUM
5.1 May 20

Reflected XSS in Open ISES Tickets before version 3.44.2 enables JavaScript injection via the ticket_id GET parameter in

CVE-2026-35011 MEDIUM
5.1 May 20

Reflected cross-site scripting in Open ISES Tickets before v3.44.2 allows attackers to execute arbitrary JavaScript in a

CVE-2026-35010 MEDIUM
5.1 May 20

Reflected XSS in Open ISES Tickets before 3.44.2 enables JavaScript injection via the ticket_id GET parameter in patient

CVE-2026-35009 MEDIUM
5.1 May 20

Reflected XSS in Open ISES Tickets before 3.44.2 allows injection of arbitrary JavaScript via the unsanitized ticket_id

CVE-2026-35008 MEDIUM
5.1 May 20

Reflected cross-site scripting in Open ISES Tickets before version 3.44.2 allows an attacker to inject arbitrary JavaScr

CVE-2026-35007 MEDIUM
5.1 May 20

Reflected XSS in Open ISES Tickets before version 3.44.2 allows attackers to inject arbitrary JavaScript into a victim's

Share

CVE-2026-27744 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy