Описание
The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| spip | fixed | 4.3.0+dfsg-1 | package | |
| spip | not-affected | bullseye | package |
Примечания
https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-0-alpha2-SPIP-4-2-13-SPIP-4.html
https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_1_the_feather/
https://git.spip.net/spip/porte-plume/-/commit/e1e5a20f26beb3c1764bdccbbae634fc22468969 (porte_plume v3.1.6) (shipped in spip 4.2.13 and 4.3.0-alpha2)
https://git.spip.net/spip/porte-plume/-/commit/e8146a3d74808b21993df5525be70d7ce76ba881 (porte_plume v3.1.6) (shipped in spip 4.2.13 and 4.3.0-alpha2)
Introduced by https://git.spip.net/spip/porte-plume/-/commit/8015469c51adbc09395f7aa3450fa96abd35033f (porte_plume v3.1.4) (shipped in spip 4.2.5 and 4.3)
EPSS
Связанные уязвимости
The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.
The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.
The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.
Уязвимость плагина porte_plume системы управления контентом SPIP, позволяющая нарушителю выполнить произвольный код
EPSS