It was discovered that SPIP, a website engine for publishing, would allow a malicious user to execute arbitrary code or escalate privileges.