Exploit for SPIP - Remote Command Execution (CVE-2023-27372)

Description:

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.

Nuclei Template

View the template here: CVE-2023-27372.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-27372.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-27372
https://github.com/nuts7/CVE-2023-27372
https://packetstormsecurity.com/files/171921/SPIP-Remote-Command-Execution.html
http://packetstormsecurity.com/files/173044/SPIP-4.2.1-Remote-Code-Execution.html
http://packetstormsecurity.com/files/171921/SPIP-Remote-Command-Execution.html