Jun 20, 2023 · SPIP v4.2.0 - Remote Code Execution (Unauthenticated). CVE-2023-27372 . webapps exploit for PHP platform

Feb 4, 2022 · SPIP 4.1 is above all a version that follows the maintained versions of PHP (7.4 to 8.1) and updates various libraries used internally. It also modifies the author authentication …

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1. - …

Apr 20, 2023 · Authored by coiffeur, Laluka, Julien Voisin | Site metasploit.com This Metasploit module exploits a PHP code injection in SPIP. The vulnerability exists in the oubli parameter …

Sep 11, 2024 · This module exploits a PHP code injection vulnerability in SPIP. The vulnerability existsin the connect parameter, allowing an unauthenticated user to execute arbitrary …

Aug 24, 2023 · # This PoC exploits a PHP code injection in SPIP. The vulnerability exists in the `oubli` parameter and allows an unauthenticated user to execute arbitrary commands with web …

The root folder of a SPIP site has been completely emptied and now practically only contains the index.php which redirects to spip.php, which is now the unique point of entry to the public …

Information Technology Laboratory National Vulnerability DatabaseVulnerabilities

May 20, 2022 · Details info A vulnerability was found in SPIP up to 3.1.13 (Content Management System) and classified as problematic. This issue affects an unknown part of the file /spip.php. …

The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute …