A privilege escalation vulnerability has been found in SPIP, a website engine for publishing, which allows anyone to take control of the website.