Lucene search
K

22 matches found

GithubExploit
GithubExploit
added 2026/02/24 12:22 a.m.287 views

Exploit for Deserialization of Untrusted Data in Spip

CVE-2023-27372 — SPIP Unauthenticated remote code execution v...

9.8CVSS9.4AI score0.99637EPSS
Exploits23
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2023-27372

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10,...

9.8CVSS7.3AI score0.99637EPSS
Exploits23References2
RedhatCVE
RedhatCVE
added 2025/05/23 3:31 a.m.10 views

CVE-2023-27372

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1...

9.8CVSS7.4AI score0.99637EPSS
Exploits23References1
GithubExploit
GithubExploit
added 2025/04/28 1:48 p.m.628 views

Exploit for Deserialization of Untrusted Data in Spip

SPIP CVE-2023-27372 Unauthenticated RCE Exploit Web Shell Upl...

9.8CVSS8.2AI score0.99637EPSS
Exploits23
Metasploit
Metasploit
added 2024/09/11 6:54 p.m.14869 views

SPIP form PHP Injection

This module exploits a PHP code injection in SPIP. The vulnerability exists in the oubli parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges. Branches 3.2, 4.0, 4.1 and 4.2 are concerned. Vulnerable versions are use exploit/multi/http/spiprceform ms...

9.8CVSS8.2AI score0.99637EPSS
Exploits23
GithubExploit
GithubExploit
added 2023/07/31 8:32 p.m.386 views

Exploit for Deserialization of Untrusted Data in Spip

CVE-2023-27372 - The vulnerability exists in the oubli parame...

9.8CVSS9.9AI score0.99637EPSS
Exploits23
GithubExploit
GithubExploit
added 2023/07/11 10:0 a.m.401 views

Exploit for Deserialization of Untrusted Data in Spip

CVE-2023-27372-POC Overview This Python POC Proof of Con...

9.8CVSS7.2AI score0.99637EPSS
Exploits23
GithubExploit
GithubExploit
added 2023/07/01 5:8 p.m.251 views

Exploit for Deserialization of Untrusted Data in Spip

Installation et Exécution du script 💻 Prérequis Avant de...

9.8CVSS9.6AI score0.99637EPSS
Exploits23
GithubExploit
GithubExploit
added 2023/07/01 5:8 p.m.159 views

Exploit for Deserialization of Untrusted Data in Spip

Installation et Exécution du script 💻 Prérequis Avant de...

9.8CVSS9.6AI score0.99637EPSS
Exploits23
0day.today
0day.today
added 2023/06/26 12:0 a.m.1616 views

SPIP v4.2.0 - Remote Code Execution (Unauthenticated) Exploit

!/usr/bin/env python3 -- coding: utf-8 -- Exploit Title: SPIP v4.2.1 - Remote Code Execution Unauthenticated Google Dork: inurl:"/spip.php?page=login" Exploit Author: nuts7 https://github.com/nuts7/CVE-2023-27372 Vendor Homepage: https://www.spip.net/ Software Link:...

9.8CVSS7.1AI score0.99637EPSS
Exploits23
GithubExploit
GithubExploit
added 2023/06/25 7:30 p.m.884 views

Exploit for Deserialization of Untrusted Data in Spip

CVE-2023-27372 SPIP -v -o report.txt 🔍 Reconnaissance M...

9.8CVSS9.3AI score0.99637EPSS
Exploits23
Saint
Saint
added 2023/06/23 12:0 a.m.495 views

SPIP password reset serialization vulnerability

Added: 06/23/2023 Background SPIP is a web-based publishing system written in PHP. Problem Mishandling of serialized data in SPIP's password reset form allows remote attackers to execute arbitrary commands. Resolution Upgrade to SPIP 3.2.18, 4.0.10, 4.1.8, 4.2.1 or higher. References...

9.8CVSS9.9AI score0.99637EPSS
Exploits23
Packet Storm
Packet Storm
added 2023/06/21 12:0 a.m.4336 views

SPIP 4.2.1 Remote Code Execution

!/usr/bin/env python3 -- coding: utf-8 -- Exploit Title: SPIP v4.2.1 - Remote Code Execution Unauthenticated Google Dork: inurl:"/spip.php?page=login" Date: 19/06/2023 Exploit Author: nuts7 https://github.com/nuts7/CVE-2023-27372 Vendor Homepage: https://www.spip.net/ Software Link:...

9.8CVSS7.1AI score0.99637EPSS
Exploits23
Exploit DB
Exploit DB
added 2023/06/20 12:0 a.m.1256 views

SPIP v4.2.0 - Remote Code Execution (Unauthenticated)

!/usr/bin/env python3 -- coding: utf-8 -- Exploit Title: SPIP v4.2.1 - Remote Code Execution Unauthenticated Google Dork: inurl:"/spip.php?page=login" Date: 19/06/2023 Exploit Author: nuts7 https://github.com/nuts7/CVE-2023-27372 Vendor Homepage: https://www.spip.net/ Software Link:...

9.8CVSS9.8AI score0.99637EPSS
Exploits23
GithubExploit
GithubExploit
added 2023/06/19 2:36 p.m.597 views

Exploit for Deserialization of Untrusted Data in Spip

---- CVE-2023-273...

9.8CVSS10AI score0.99637EPSS
Exploits23
Packet Storm
Packet Storm
added 2023/04/18 12:0 a.m.515 views

SPIP Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SPIP form PHP Injection', 'Description' = %q This module exploits a PHP code injection in SPIP. The vulnerability exists in the oubli parameter a...

9.8CVSS9.4AI score0.99637EPSS
Exploits23
Debian
Debian
added 2023/03/03 11:4 p.m.42 views

[SECURITY] [DLA 3347-2] spip regression update

Debian LTS Advisory DLA-3347-2 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin March 03, 2023 https://wiki.debian.org/LTS Package : spip Version : 3.2.4-1+deb10u11 It was discovered that the fix for CVE-2023-27372 broke deactivation of plugins with dependencies. Fo...

9.8CVSS7.2AI score0.99637EPSS
Exploits23
Tenable Nessus
Tenable Nessus
added 2023/03/02 12:0 a.m.41 views

Debian DSA-5367-1 : spip - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dsa-5367 advisory. - SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and...

9.8CVSS8.4AI score0.99637EPSS
Exploits23References5
Circl
Circl
added 2023/02/28 10:32 p.m.40 views

CVE-2023-27372

creationtimestamp| type| source ---|---|--- 2023-02-28 22:32:44+00:00| seen| https://t.me/cibsecurity/59155 2023-06-20 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/51536 2023-06-22 05:41:46+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/8529 2023-06-23...

9.8CVSS7.3AI score0.99637EPSS
Exploits23References19
Vulnrichment
Vulnrichment
added 2023/02/28 12:0 a.m.6 views

CVE-2023-27372

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1...

9.8AI score0.99637EPSS
Exploits23References6
Rows per page
Query Builder