22 matches found
Exploit for Deserialization of Untrusted Data in Spip
CVE-2023-27372 — SPIP Unauthenticated remote code execution v...
Linux Distros Unpatched Vulnerability : CVE-2023-27372
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10,...
CVE-2023-27372
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1...
Exploit for Deserialization of Untrusted Data in Spip
SPIP CVE-2023-27372 Unauthenticated RCE Exploit Web Shell Upl...
SPIP form PHP Injection
This module exploits a PHP code injection in SPIP. The vulnerability exists in the oubli parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges. Branches 3.2, 4.0, 4.1 and 4.2 are concerned. Vulnerable versions are use exploit/multi/http/spiprceform ms...
Exploit for Deserialization of Untrusted Data in Spip
CVE-2023-27372 - The vulnerability exists in the oubli parame...
Exploit for Deserialization of Untrusted Data in Spip
CVE-2023-27372-POC Overview This Python POC Proof of Con...
Exploit for Deserialization of Untrusted Data in Spip
Installation et Exécution du script 💻 Prérequis Avant de...
Exploit for Deserialization of Untrusted Data in Spip
Installation et Exécution du script 💻 Prérequis Avant de...
SPIP v4.2.0 - Remote Code Execution (Unauthenticated) Exploit
!/usr/bin/env python3 -- coding: utf-8 -- Exploit Title: SPIP v4.2.1 - Remote Code Execution Unauthenticated Google Dork: inurl:"/spip.php?page=login" Exploit Author: nuts7 https://github.com/nuts7/CVE-2023-27372 Vendor Homepage: https://www.spip.net/ Software Link:...
Exploit for Deserialization of Untrusted Data in Spip
CVE-2023-27372 SPIP -v -o report.txt 🔍 Reconnaissance M...
SPIP password reset serialization vulnerability
Added: 06/23/2023 Background SPIP is a web-based publishing system written in PHP. Problem Mishandling of serialized data in SPIP's password reset form allows remote attackers to execute arbitrary commands. Resolution Upgrade to SPIP 3.2.18, 4.0.10, 4.1.8, 4.2.1 or higher. References...
SPIP 4.2.1 Remote Code Execution
!/usr/bin/env python3 -- coding: utf-8 -- Exploit Title: SPIP v4.2.1 - Remote Code Execution Unauthenticated Google Dork: inurl:"/spip.php?page=login" Date: 19/06/2023 Exploit Author: nuts7 https://github.com/nuts7/CVE-2023-27372 Vendor Homepage: https://www.spip.net/ Software Link:...
SPIP v4.2.0 - Remote Code Execution (Unauthenticated)
!/usr/bin/env python3 -- coding: utf-8 -- Exploit Title: SPIP v4.2.1 - Remote Code Execution Unauthenticated Google Dork: inurl:"/spip.php?page=login" Date: 19/06/2023 Exploit Author: nuts7 https://github.com/nuts7/CVE-2023-27372 Vendor Homepage: https://www.spip.net/ Software Link:...
Exploit for Deserialization of Untrusted Data in Spip
---- CVE-2023-273...
SPIP Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SPIP form PHP Injection', 'Description' = %q This module exploits a PHP code injection in SPIP. The vulnerability exists in the oubli parameter a...
[SECURITY] [DLA 3347-2] spip regression update
Debian LTS Advisory DLA-3347-2 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin March 03, 2023 https://wiki.debian.org/LTS Package : spip Version : 3.2.4-1+deb10u11 It was discovered that the fix for CVE-2023-27372 broke deactivation of plugins with dependencies. Fo...
Debian DSA-5367-1 : spip - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dsa-5367 advisory. - SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and...
CVE-2023-27372
creationtimestamp| type| source ---|---|--- 2023-02-28 22:32:44+00:00| seen| https://t.me/cibsecurity/59155 2023-06-20 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/51536 2023-06-22 05:41:46+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/8529 2023-06-23...
CVE-2023-27372
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1...