Lucene search
HistorySep 06, 2024 - 4:15 p.m.
CVE-2024-8517
spip
command injection
multipart file upload
remote attack
unauthenticated attack
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.663
Percentile
98.0%
SPIP before 4.3.2, 4.2.16, and
4.1.18 is vulnerable to a command injection issue. A
remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.
Affected configurations
Node
spipspipRange4.0.0–4.1.18
ORspipspipRange4.2.0–4.2.15
ORspipspipMatch4.3.0
ORspipspipMatch4.3.1
Related
osv
osv
CVE-2024-8517
2024-09-06 16:15:03
packetstorm
packetstorm
SPIP BigUp 4.3.1 / 4.2.15 / 4.1.17 Unauthenticated Remote Code Execution
2024-09-12 00:00:00
metasploit
metasploit
SPIP BigUp Plugin Unauthenticated RCE
2024-09-06 20:10:18
zdt
zdt
cvelist
cvelist
CVE-2024-8517 SPIP Bigup Multipart File Upload OS Command Injection
2024-09-06 15:55:35
debiancve
debiancve
CVE-2024-8517
2024-09-06 16:15:03
cve
cve
CVE-2024-8517
2024-09-06 16:15:03
githubexploit
githubexploit
vulnrichment
vulnrichment
CVE-2024-8517 SPIP Bigup Multipart File Upload OS Command Injection
2024-09-06 15:55:35
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up 09/13/2024
2024-09-13 18:29:33
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.663
Percentile
98.0%
Related for NVD:CVE-2024-8517