Exploit for Deserialization of Untrusted Data in Spip

CVE-2023-27372 — SPIP Unauthenticated remote code execution v...

SPIP form PHP Injection

This module exploits a PHP code injection in SPIP. The vulnerability exists in the oubli parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges. Branches 3.2, 4.0, 4.1 and 4.2 are concerned. Vulnerable versions are use exploit/multi/http/spiprceform ms...

Exploit for Deserialization of Untrusted Data in Spip

CVE-2023-27372 - The vulnerability exists in the oubli parame...