CVE-2023-27372

Related Files

SPIP 4.2.1 Remote Code Execution

Posted Jun 21, 2023

Authored by nuts7

SPIP versions 4.2.1 and below suffer from an unauthenticated remote code execution vulnerability.

tags | exploit, remote, code execution

advisories | CVE-2023-27372

SHA-256 | bc549f06980b67c5d5fb853b317d52b6bf509cd5c2baedf878192f640f78097d

Download | Favorite | View

SPIP Remote Command Execution

Posted Apr 18, 2023

Authored by coiffeur, Laluka, Julien Voisin | Site metasploit.com

This Metasploit module exploits a PHP code injection in SPIP. The vulnerability exists in the oubli parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges. Branches 3.2, 4.0, 4.1 and 4.2 are concerned. Vulnerable versions are below 3.2.18, below 4.0.10, below 4.1.18 and below 4.2.1.

tags | exploit, web, arbitrary, php

advisories | CVE-2023-27372

SHA-256 | da36b42d35a291178bebac45397335e931352a6a022f64275dfb7fc469079f1f

Download | Favorite | View

Debian Security Advisory 5367-1

Posted Mar 2, 2023

Authored by Debian | Site debian.org

Debian Linux Security Advisory 5367-1 - It was discovered that SPIP, a website engine for publishing, would allow a malicious user to execute arbitrary code.

tags | advisory, arbitrary

systems | linux, debian

advisories | CVE-2023-27372

SHA-256 | 1d4b1b1ced26b5ac97eb9419c445bb93b485a6908145b4ed3c2bfbf29a5223b3

Download | Favorite | View