Skip to main content

CVE-2023-27372

Description

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.

NVD
Severity: CRITICAL
CVE ID: CVE-2023-27372
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Refrence: NVDMITRE

Proof Of Concept

Nuclei Templates for CVE-2023-27372
nuts7

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.

Refrence: GitHub

Chocapikk

SPIP Vulnerability Scanner - CVE-2023-27372 Detector

Refrence: GitHub

0SPwn

This is a PoC for CVE-2023-27372 which spawns a fully interactive shell.

Refrence: GitHub

izzz0

CVE-2023-27372-SPIP-CMS-Bypass

Refrence: GitHub

ThatNotEasy

Perform With Mass Remote Code Execution In SPIP Version (4.2.1)

Refrence: GitHub

redboltsec

This is a PoC for CVE-2023-27372 and spawns a fully interactive shell.

Refrence: GitHub

Content on GitHub

peiqiF4ck | watchers:157

WebFrameworkTools-5.1-main
本软件首先集成危害性较大框架和部分主流cms的rce(无需登录,或者登录绕过执行rce)和反序列化(利用链简单)。傻瓜式导入url即可实现批量getshell。批量自动化测试。例如:Thinkphp,Struts2,weblogic。出现的最新漏洞进行实时跟踪并且更新例如:log4jRCE,向日葵 禅道RCE 瑞友天翼应用虚拟化系统sql注入导致RCE大华智慧园区上传,金蝶云星空漏洞等等.

Refrence: GitHub

Last updated on by Vulnerability_bot_v1.3.9