CVE-2024-8517

🗓️ 06 Sep 2024 16:15:00Reported by ubuntu.comType

ubuntucve

ubuntucve🔗 ubuntu.com👁 11 Views

Package hlibk not recommended; install SPIP from source due to bundled security updates.

Reporter	Title	Published	Views	Family All 28
0day.today	SPIP BigUp 4.3.1 / 4.2.15 / 4.1.17 Unauthenticated Remote Code Execution Exploit	14 Sep 202400:00	–	zdt
GithubExploit	Exploit for Reliance on File Name or Extension of Externally-Supplied File in Spip	1 Aug 202511:14	–	githubexploit
GithubExploit	eCPPT-Penetration-Testing-Reports	3 Jun 202600:02	–	githubexploit
GithubExploit	Exploit for Reliance on File Name or Extension of Externally-Supplied File in Spip	6 Sep 202418:17	–	githubexploit
Information Security Automation	March Linux Patch Wednesday	20 Mar 202520:49	–	avleonov
Circl	CVE-2024-8517	6 Sep 202419:06	–	circl
CNNVD	SPIP 安全漏洞	6 Sep 202400:00	–	cnnvd
CVE	CVE-2024-8517	6 Sep 202415:55	–	cve
Cvelist	CVE-2024-8517 SPIP Bigup Multipart File Upload OS Command Injection	6 Sep 202415:55	–	cvelist
Debian CVE	CVE-2024-8517	6 Sep 202415:55	–	debiancve

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	18.04	any	spip	3.1.4-4~deb9u5ubuntu0.1~esm2	spip_3.1.4-4~deb9u5ubuntu0.1~esm2_any.deb
Ubuntu	20.04	any	spip	3.2.7-1ubuntu0.1+esm2	spip_3.2.7-1ubuntu0.1+esm2_any.deb
Ubuntu	22.04	any	spip	0	spip_0_any.deb
Ubuntu	24.04	any	spip	0	spip_0_any.deb
Ubuntu	24.10	any	spip	4.3.1+dfsg-1ubuntu0.1	spip_4.3.1+dfsg-1ubuntu0.1_any.deb

Source	Link
cve	www.cve.org/CVERecord
thinkloveshare	www.thinkloveshare.com/hacking/spip_preauth_rce_2024_part_2_a_big_upload/
blog	www.blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-2-SPIP-4-2-16-SPIP-4-1-18.html
vulncheck	www.vulncheck.com/advisories/spip-upload-rce
ubuntu	www.ubuntu.com/security/notices/USN-7318-1

24 Jun 2025 15:31Current

7.4High risk

Vulners AI Score7.4

CVSS 3.19.8

EPSS0.94618

SSVC

cve 2024 8517 hlibk package spip installation security updates unix system