Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-7954 — Eval Injection in Spip

CWE-95 — Eval Injection CWE-1286 — Improper Validation of Syntactic Correctness of Input CWE-284 — Improper Access Control8 documents8 sources

Severity

9.8CRITICALNVD

EPSS

93.7%

top 0.16%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Spip Debian Spip

Timeline

PublishedAug 23

Description

The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5spip/spip4.3.0-alpha — 4.3.0-alpha2+2

▶debiandebian/spip< spip 4.3.0+dfsg-1 (forky)

▶Debianspip/spip< 4.3.0+dfsg-1+1

🔴Vulnerability Details

GHSA

GHSA-42mv-3h37-wfh9: The porte_plume plugin used by SPIP before 4↗2024-08-23

▶

OSV

CVE-2024-7954: The porte_plume plugin used by SPIP before 4↗2024-08-23

▶

VulnCheck

SPIP porte_plume Plugin Arbitrary PHP Execution Vulnerability↗2024

▶

💥Exploits & PoCs

Metasploit

SPIP Unauthenticated RCE via porte_plume Plugin↗

▶

Nuclei

SPIP Porte Plume Plugin - Remote Code Execution

▶

📋Vendor Advisories

Debian

CVE-2024-7954: spip - The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vu...↗2024

▶

🕵️Threat Intelligence

Greynoiseio

NoiseLetter October 2024↗

▶