Lucene search
K

12 matches found

Nuclei
Nuclei
added 2026/06/23 5:8 a.m.96 views

SPIP BigUp Plugin - Remote Code Execution

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request. id: CVE-2024-8517 info: name: SPIP BigUp Plugin - Remote Code Execution...

9.8CVSS7.7AI score0.94618EPSS
Exploits7References5
Tenable Nessus
Tenable Nessus
added 2025/08/26 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-23659

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js...

6.1CVSS6.4AI score0.00441EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2025/08/01 11:14 a.m.470 views

Exploit for Reliance on File Name or Extension of Externally-Supplied File in Spip

PoC exploit for CVE-2024-8517, an unauthenticated Remote Code Ex...

9.8CVSS9.7AI score0.94618EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/09/23 12:0 a.m.2301 views

SPIP BigUp 4.3.1 Code Injection

============================================================================================================================================= | Title : SPIP BigUp 4.3.1 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/20 12:0 a.m.313 views

SPIP BigUp 4.2.15 Code Injection

============================================================================================================================================= | Title : SPIP BigUp 4.2.15 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/19 12:0 a.m.322 views

SPIP BigUp 4.1.17 Code Injection

============================================================================================================================================= | Title : SPIP BigUp 4.1.17 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/17 12:0 a.m.219 views

SPIP BigUp 4.0 Code Injection

============================================================================================================================================= | Title : SPIP BigUp 4.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bi...

7.4AI score
Exploits0
0day.today
0day.today
added 2024/09/14 12:0 a.m.773 views

SPIP BigUp 4.3.1 / 4.2.15 / 4.1.17 Unauthenticated Remote Code Execution Exploit

This Metasploit module exploits a Remote Code Execution vulnerability in the BigUp plugin of SPIP. The vulnerability lies in the listerfichiersparchamps function, which is triggered when the bigupretrouverfichiers parameter is set to any value. By exploiting the improper handling of multipart for...

9.8CVSS8.4AI score0.94618EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/09/12 12:0 a.m.456 views

SPIP BigUp 4.3.1 / 4.2.15 / 4.1.17 Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SPIP BigUp Plugin Unauthenticated RCE', 'Description' = %q This module exploits a Remote Code Execution vulnerability in the BigUp plugin of SPIP...

9.8CVSS7AI score0.94618EPSS
Exploits7
Metasploit
Metasploit
added 2024/09/11 6:54 p.m.809 views

SPIP BigUp Plugin Unauthenticated RCE

This module exploits a Remote Code Execution vulnerability in the BigUp plugin of SPIP. The vulnerability lies in the listerfichiersparchamps function, which is triggered when the bigupretrouverfichiers parameter is set to any value. By exploiting the improper handling of multipart form data in...

9.8CVSS9.6AI score0.94618EPSS
Exploits7
GithubExploit
GithubExploit
added 2024/09/06 6:17 p.m.818 views

Exploit for Reliance on File Name or Extension of Externally-Supplied File in Spip

😈 SPIP BigUp Unauthenticated RCE Exploit 😈 📜 Description...

9.8CVSS10AI score0.94618EPSS
Exploits7
Vulnrichment
Vulnrichment
added 2024/09/06 3:55 p.m.27 views

CVE-2024-8517 SPIP Bigup Multipart File Upload OS Command Injection

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request...

9.8CVSS8.3AI score0.94618EPSS
Exploits7References4
Rows per page
Query Builder