vendor:
SPIP
by:
nuts7
N/A
CVSS
CRITICAL
Remote Code Execution
94
CWE
Product Name: SPIP
Affected Version From: < 4.2.1
Affected Version To: 4.2.2001
Patch Exists: YES
Related CWE: CVE-2023-27372
CPE: a:spip:spip
Tags: packetstorm,cve,cve2023,spip,rce
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Nuclei References:
https://packetstormsecurity.com/files/171921/SPIP-Remote-Command-Execution.html, https://nvd.nist.gov/vuln/detail/CVE-2023-27372, https://github.com/nuts7/CVE-2023-27372, http://packetstormsecurity.com/files/171921/SPIP-Remote-Command-Execution.html, http://packetstormsecurity.com/files/173044/SPIP-4.2.1-Remote-Code-Execution.html
Nuclei Metadata: {'max-request': 2, 'shodan-query': 'html:"spip.php?page=backend"', 'verified': 'true', 'vendor': 'spip', 'product': 'spip'}
Platforms Tested: Ubuntu 20.04.3 LTS
2023
SPIP v4.2.1 – Remote Code Execution (Unauthenticated)
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. Branches 3.2, 4.0, 4.1 and 4.2 are concerned. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1. This PoC exploits a PHP code injection in SPIP. The vulnerability exists in the 'oubli' parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges.
Mitigation:
Upgrade to version 4.2.1 or the fixed versions 3.2.18, 4.0.10, and 4.1.8