SPIP v4.2.0 - Remote Code Execution (Unauthenticated)
Jun 20, 2023 · Branches 3.2, 4.0, 4.1 and 4.2 are concerned. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1. # This PoC exploits a PHP code injection in SPIP. The vulnerability …
SPIP 4.1 - SPIP
Feb 4, 2022 · SPIP provides two methods that are used in ecrire/auth/spip.php. The default key is that of secret_des_auth, used to pepper. Three methods are also provided for encrypting and …
GitHub - nuts7/CVE-2023-27372: SPIP before 4.2.1 allows ...
It is possible to inject a serialized PHP string containing PHP code into the variable $_POST['oubli'] when resetting a password on the endpoint /spip.php?page=spip_pass in …
SPIP Remote Command Execution - The Cyber Post
Apr 20, 2023 · This Metasploit module exploits a PHP code injection in SPIP. The vulnerability exists in the oubli parameter and allows an unauthenticated user to execute arbitrary …
SPIP connect Parameter PHP Injection - vulners.com
Sep 11, 2024 · SPIP connect Parameter PHP Injection vulnerability in SPIP allows unauthenticated user to execute arbitrary commands with web user privileges on Unix/Linux …
php - Decoding URL in SPIP - Stack Overflow
There is no built-in function to decode an URL in SPIP. You have to use PHP's urldecode(). [(#ENV{recherche}|urldecode)] will do the job. For reference, please see SPIP's filters: Adding …
SPIP v4.2.1 - Remote Code Execution (Unauthenticated)
Aug 24, 2023 · # This PoC exploits a PHP code injection in SPIP. The vulnerability exists in the `oubli` parameter and allows an unauthenticated user to execute arbitrary commands with web …