Platform: php
Component: referer_spam
Fixed in: 1.3.0
CVE-2026-27743 describes a critical SQL injection vulnerability in the SPIP referer_spam plugin. The flaw allows unauthenticated attackers to inject SQL into queries the plugin builds, potentially leading to data breaches and system compromise. The vulnerability affects versions 0.0 through 1.3.0 of the plugin, and a fix is available in version 1.3.0.
The SQL injection vulnerability in referer_spam allows attackers to directly manipulate SQL queries used by the plugin. Because the endpoints lack authentication and proper input validation, an attacker can craft malicious URLs containing SQL code that will be executed against the SPIP database. This could result in unauthorized access to sensitive data, including user credentials, website content, and configuration information. Successful exploitation could also enable attackers to modify or delete data, escalate privileges, or even gain complete control over the affected SPIP installation. The lack of authentication makes this vulnerability particularly concerning, as it can be exploited remotely without any prior access.
CVE-2026-27743 was publicly disclosed on 2026-02-25. As of this writing, there are no publicly available proof-of-concept exploits. The vulnerability's critical severity and ease of exploitation suggest a potential for active exploitation, though no confirmed campaigns have been reported. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS: 0.15% (35th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-27743 is to upgrade the SPIP referer_spam plugin to version 1.3.0 or later immediately. If upgrading is not immediately feasible because of compatibility issues or downtime concerns, consider temporary workarounds, such as restricting access to the vulnerable endpoints (referer_spam_ajouter and referer_spam_supprimer) with a web application firewall (WAF) or reverse proxy configured to block requests whose URL parameters contain SQL syntax. Carefully review and sanitize all user input handled by the plugin's code to prevent future injection vulnerabilities. After upgrading, verify the fix by attempting to inject SQL code through the previously vulnerable endpoints and confirming that the input is properly escaped and no injected SQL executes.
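As an added example, not part of this advisory or of the plugin's own code, the following Python script turns the WAF idea above into a log-hunting check: it flags access-log requests aimed at the two endpoints whose decoded query parameters contain SQL syntax, including double URL-encoded ones. It assumes the endpoints appear as SPIP "action" names or path components, the indicator list is a tunable starting point, and the log lines are constructed samples.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Endpoint names as given in the advisory (assumption: they appear as SPIP "action" names).
VULN_ENDPOINTS = ("referer_spam_ajouter", "referer_spam_supprimer")

# Generic SQL-syntax indicators; assumption: a starting list for a WAF or hunting rule.
# A lone quote or semicolon can occur in a legitimate referer, so review hits by hand.
SQL_PATTERN = re.compile(
    r"(?:'|\"|--|/\*|;|\bunion\b|\bselect\b|\b(?:or|and)\b\s+\S+\s*=|\bsleep\s*\(|\bbenchmark\s*\()",
    re.IGNORECASE)

# Apache/nginx combined access-log line: client IP, timestamp, request line, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def classify_request(target):
    """Return (endpoint, param, decoded_value) when a request hits a vulnerable endpoint with a
    SQL-looking query parameter, else None. POST bodies are not in access logs, so not seen here."""
    parts = urlsplit(target)
    params = parse_qsl(parts.query, keep_blank_values=True)  # decodes percent-encoding once
    path = unquote_plus(parts.path)
    endpoint = next((ep for ep in VULN_ENDPOINTS if ep in path or ("action", ep) in params), None)
    if endpoint is None:
        return None
    for key, value in params:
        decoded = unquote_plus(value)  # second pass catches double-encoded payloads
        if SQL_PATTERN.search(decoded):
            return endpoint, key, decoded
    return None

def scan_log(lines):
    """Return one dict per suspicious request found in the given access-log lines."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        finding = classify_request(m.group("target"))
        if finding:
            hits.append({"ip": m.group("ip"), "endpoint": finding[0], "param": finding[1], "value": finding[2]})
    return hits

# Constructed sample lines (not real traffic): clean, encoded, double-encoded, unrelated page, POST.
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Feb/2026:10:00:01 +0000] "GET /spip.php?action=referer_spam_supprimer&referer=http://example.net HTTP/1.1" 302 0',
    '203.0.113.5 - - [25/Feb/2026:10:00:02 +0000] "GET /spip.php?action=referer_spam_supprimer&referer=x%27%20OR%201%3D1--%20 HTTP/1.1" 200 512',
    '198.51.100.7 - - [25/Feb/2026:10:00:03 +0000] "GET /spip.php?action=referer_spam_ajouter&referer=%2527%2520UNION%2520SELECT HTTP/1.1" 200 100',
    '198.51.100.9 - - [25/Feb/2026:10:00:04 +0000] "GET /spip.php?page=article&id_article=1%27 HTTP/1.1" 404 0',
    '198.51.100.9 - - [25/Feb/2026:10:00:05 +0000] "POST /spip.php?action=referer_spam_ajouter HTTP/1.1" 302 0',
]
```

Running `scan_log(SAMPLE_LOG)` reports the second and third lines only; the unrelated page is out of scope for this rule, and the POST shows why a WAF inspecting request bodies is still needed.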
Update the referer_spam plugin to version 1.3.0 or higher. This version fixes the SQL injection vulnerability. The update can be performed from the SPIP administration panel or by downloading the latest version of the plugin from the official repository.
CVE-2026-27743 is a critical SQL injection vulnerability affecting the SPIP referer_spam plugin, versions 0.0 to 1.3.0, that allows attackers to execute arbitrary SQL queries without authentication.
You are affected if you are using SPIP with the referer_spam plugin in versions 0.0 through 1.3.0. Upgrade immediately to mitigate the risk.
Upgrade the SPIP referer_spam plugin to version 1.3.0 or later. If immediate upgrade is not possible, implement WAF rules to block malicious requests.
While no confirmed exploitation campaigns have been reported, the vulnerability's critical severity suggests a potential for active exploitation.
Refer to the official SPIP security advisories on their website for the latest information and updates regarding CVE-2026-27743.