SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
View the template here CVE-2023-27372.yaml
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-27372