

CVE-2023-27372

Description

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.

POC

Reference

- http://packetstormsecurity.com/files/171921/SPIP-Remote-Command-Execution.html

- http://packetstormsecurity.com/files/173044/SPIP-4.2.1-Remote-Code-Execution.html

Github

- https://github.com/0SPwn/CVE-2023-27372-PoC

- https://github.com/1Ronkkeli/spip-cve-2023-27372-rce

- https://github.com/1amthebest1/CVE-2023-27372

- https://github.com/ARPSyndicate/cvemon

- https://github.com/AlienTec1908/Pipy_HackMyVM_Easy

- https://github.com/AlienTec1908/Publisher_HackMyVM_Easy

- https://github.com/Chocapikk/CVE-2023-27372

- https://github.com/Esther7171/THM-Walkthroughs

- https://github.com/Esther7171/TryHackMe-Walkthroughs

- https://github.com/G01d3nW01f/cve-2023-27372

- https://github.com/Jhonsonwannaa/CVE-2023-27372

- https://github.com/Jhonsonwannaa/Jhonsonwannaa

- https://github.com/KarimLedesmaHaron/THM-Tutoriales

- https://github.com/Pari-Malam/CVE-2023-27372

- https://github.com/Pentaksecurity/THMPublisherWriteup

- https://github.com/RSTG0D/CVE-2023-27372-PoC

- https://github.com/ThatNotEasy/CVE-2023-27372

- https://github.com/TheSysRat/Publisher--THM

- https://github.com/TrojanAZhen/Self_Back

- https://github.com/YgorAlberto/ygoralberto.github.io

- https://github.com/abrahim7112/Vulnerability-checking-program-for-Android

- https://github.com/dream434/CVE-2023-27372

- https://github.com/dream434/dream434

- https://github.com/izzz0/CVE-2023-27372-POC

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/nuts7/CVE-2023-27372

- https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main

- https://github.com/peiqiF4ck/WebFrameworkTools-5.5

- https://github.com/peiqiF4ck/WebFrameworkTools-5.5-enhance

- https://github.com/plzheheplztrying/cve_monitor

- https://github.com/redboltsec/CVE-2023-27372-PoC

- https://github.com/tucommenceapousser/CVE-2023-27372

- https://github.com/w3workerz/THM-Walkthroughs

- https://github.com/zhenya-roadtojapan/TryHackMe-write-ups

- https://github.com/zulloper/cve-poc